mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00
Code Releases Activity

Bug with tempnam("/tmp", "");

Browse Source 
Some hostings have a different temporary path than "/tmp".
This commit is contained in:
Chimpzee 2016-01-11 15:43:41 +01:00 committed by Edward Z. Yang
parent 7e49ff3dcd
commit 6e00b443cd
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -19,6 +19,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- Non all-numeric top-level names (e.g., foo.1f, 1f) are now
allowed.
- Minor bounds error fix to squash a PHP 7 notice.
- Support non-/tmp temporary directories for data:// validation
4.7.0, released 2015-08-04
# opacity is now considered a "tricky" CSS property rather than a

4
library/HTMLPurifier/URIScheme/data.php
View File

@ -81,7 +81,11 @@ class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
}
// XXX probably want to refactor this into a general mechanism
// for filtering arbitrary content types
if (function_exists('sys_get_temp_dir')) {
$file = tempnam(sys_get_temp_dir(), "");
} else {
$file = tempnam("/tmp", "");
}
file_put_contents($file, $raw_data);
if (function_exists('exif_imagetype')) {
$image_code = exif_imagetype($file);