[Mapbender-commits] r5378 - trunk/mapbender/http/print
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Wed Jan 20 10:52:15 EST 2010
Author: christoph
Date: 2010-01-20 10:52:15 -0500 (Wed, 20 Jan 2010)
New Revision: 5378
Modified:
trunk/mapbender/http/print/printFactory.php
Log:
Modified: trunk/mapbender/http/print/printFactory.php
===================================================================
--- trunk/mapbender/http/print/printFactory.php 2010-01-20 15:51:46 UTC (rev 5377)
+++ trunk/mapbender/http/print/printFactory.php 2010-01-20 15:52:15 UTC (rev 5378)
@@ -1,10 +1,23 @@
<?php
-require_once(dirname(__FILE__)."/classes/factoryClasses.php");
+require_once dirname(__FILE__) . "/../php/mb_validateSession.php";
+require_once dirname(__FILE__) . "/classes/factoryClasses.php";
$pf = new mbPdfFactory();
-$pdf = $pf->create($_REQUEST["printPDF_template"]);
+
+$confFile = basename($_REQUEST["printPDF_template"]);
+if (!preg_match("/^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9]+)$/", $confFile) ||
+ !file_exists($confFile)) {
+
+ $errorMessage = _mb("Invalid configuration file");
+ echo htmlentities($errorMessage, ENT_QUOTES, CHARSET);
+ $e = new mb_exception($errorMessage);
+ die;
+}
+
+$pdf = $pf->create($confFile);
+
$pdf->render();
$pdf->save();
More information about the Mapbender_commits
mailing list