author | robocoder <anthon.pang@gmail.com> | 2011-07-03 20:44:33 +0400 |
committer | robocoder <anthon.pang@gmail.com> | 2011-07-03 20:44:33 +0400 |
commit | 331d048cfbc0f35dade0efa9f700d1a3f1276767 (patch) | |
tree | ae5e4eafd18331ae5b3700ad0f4bef194bd8dc91 /plugins/Proxy | |
parent | 27cc7866b1a98decddc999ca87ebcdb102459e96 (diff) |
refs #1841 - exportImage and outputImage are now deprecated (since OFC has been replaced); will be removed if/when PiwikMap.swf switches to non-Flash
git-svn-id: http://dev.piwik.org/svn/trunk@4987 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Proxy')
-rw-r--r-- | plugins/Proxy/Controller.php | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/plugins/Proxy/Controller.php b/plugins/Proxy/Controller.php
index 05ece0b3ce..3b4c9446cd 100644
--- a/plugins/Proxy/Controller.php
+++ b/plugins/Proxy/Controller.php
@@ -47,24 +47,40 @@ class Piwik_Proxy_Controller extends Piwik_Controller
 {
 Piwik::checkUserHasSomeViewAccess();
- header('Content-Type: image/png');
- $data = base64_decode(Piwik_Common::getRequestVar('imageData', self::TRANSPARENT_PNG_PIXEL, 'string', $_POST));
+ $rawData = Piwik_Common::getRequestVar('imageData', '', 'string', $_POST);
- if(function_exists('imagecreatefromstring'))
+ // returns false if any illegal characters in input
+ $data = base64_decode($rawData);
+ if($data !== false)
 {
- // validate image data
- $imgResource = @imagecreatefromstring($data);
- if($imgResource !== false)
+ $substr = function_exists('mb_orig_substr') ? 'mb_orig_substr' : 'substr';
+ // check for PNG header
+ if($substr($data, 0, 8) === "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a")
 {
- // output image and clean-up
- imagepng($imgResource);
- imagedestroy($imgResource);
+ header('Content-Type: image/png');
+
+ // more robust validation (if available)
+ if(function_exists('imagecreatefromstring'))
+ {
+ // validate image data
+ $imgResource = @imagecreatefromstring($data);
+ if($imgResource !== false)
+ {
+ // output image and clean-up
+ imagepng($imgResource);
+ imagedestroy($imgResource);
+ exit;
+ }
+ }
+ else
+ {
+ echo $data;
+ exit;
+ }
 }
 }
- else
- {
- echo $data;
- }
+
+ Piwik::setHttpStatus('400 Bad Request');
 exit;
 }
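Review bot: The comment `// returns false if any illegal characters in input` above `$data = base64_decode($rawData);` does not describe the call as written: without the strict flag, base64_decode() silently discards characters outside the base64 alphabet and returns false only for a malformed result, so the new 400 path is in practice reached via the PNG-signature check rather than the decode. Passing `$data = base64_decode($rawData, true);` gives the behaviour the comment promises. Separately, `header('Content-Type: image/png');` is now emitted before the GD validation, so when imagecreatefromstring() rejects the data the `400 Bad Request` response still goes out typed as image/png with an empty body; moving that header next to `imagepng($imgResource);` and `echo $data;` keeps status and content type consistent. The `echo $data;` fallback reflects client-supplied bytes after only an 8-byte signature check, so sending `header('X-Content-Type-Options: nosniff');` alongside the content type there is a cheap hardening to consider. The enclosing method's signature precedes the hunk, so its name and parameters are not visible here.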