Upgrade to xinha svn head to fix issues with xinha editors not appearing in Firefox 1.5
This commit is contained in:
Chris Morgan
WineHQ
@@ -1,15 +1,22 @@
|
||||
<?php
|
||||
// REVISION HISTORY:
|
||||
//
|
||||
// 2005-08-17 YmL:
|
||||
// . security fix on unchecked variables. Original author missed quite a few
|
||||
// holes.
|
||||
|
||||
umask(000);
|
||||
$temptext = tempnam('/tmp', 'spell_');
|
||||
if ((!isset($_POST['dictionary'])) || (strlen(trim($_POST['dictionary'])) < 1))
|
||||
{
|
||||
$lang = 'en_GB';
|
||||
$lang = 'en_US';
|
||||
}
|
||||
else
|
||||
{
|
||||
$lang = $_POST['dictionary'];
|
||||
}
|
||||
|
||||
}
|
||||
$lang = preg_replace('/[^a-z0-9_]/i', '', $lang);
|
||||
|
||||
$aspell = 'aspell';
|
||||
$aspell_args = '-a --lang=' . $lang;
|
||||
|
||||
@@ -34,7 +41,7 @@
|
||||
// we should at least let it try.
|
||||
preg_match('/really aspell ([0-9]+)\.([0-9]+)(?:\.([0-9]+))?/i', `$aspell version`, $aVer);
|
||||
|
||||
$aVer = array('major' => (int)$aVer[1], 'minor' => (int)$aVer[2], 'release' => (int)$aVer[3]);
|
||||
$aVer = array('major' => (int)$aVer[1], 'minor' => (int)$aVer[2], 'release' => (int)@$aVer[3]);
|
||||
if($aVer['major'] >= 0 && $aVer['minor'] >= 60)
|
||||
{
|
||||
$aspell_args .= ' -H --encoding=utf-8';
|
||||
@@ -49,10 +56,7 @@
|
||||
}
|
||||
|
||||
// Personal dictionaries
|
||||
if(!isset($_REQUEST['p_dicts_path']))
|
||||
{
|
||||
$_REQUEST['p_dicts_path'] = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'personal_dicts';
|
||||
}
|
||||
$p_dicts_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'personal_dicts';
|
||||
|
||||
if(file_exists($_REQUEST['p_dicts_path']) && is_writable($_REQUEST['p_dicts_path']))
|
||||
{
|
||||
@@ -67,11 +71,37 @@
|
||||
$_REQUEST['p_dicts_name'] = uniqid('dict');
|
||||
setcookie('SpellChecker_p_dicts_name', $_REQUEST['p_dicts_name'], time() + 60*60*24*365*10);
|
||||
}
|
||||
}
|
||||
$p_dict_path = $_REQUEST['p_dicts_path'] . DIRECTORY_SEPARATOR . $_REQUEST['p_dicts_name'];
|
||||
}
|
||||
$p_dict_path = $_REQUEST['p_dicts_path'] . DIRECTORY_SEPARATOR . preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['p_dicts_name']);
|
||||
|
||||
if(!file_exists($p_dict_path))
|
||||
{
|
||||
// since there is a single directory for all users this could end up containing
|
||||
// quite a few subdirectories. To prevent a DOS situation we'll limit the
|
||||
// total directories created to 2000 (arbitrary). Adjust to suit your installation.
|
||||
|
||||
$count = 0;
|
||||
|
||||
if( $dir = @opendir( $p_dicts_path ) )
|
||||
{
|
||||
|
||||
while( FALSE !== ($file = readdir($dir)) )
|
||||
{
|
||||
$count++;
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: make this a config value.
|
||||
|
||||
if ( $count > 2000 )
|
||||
{
|
||||
|
||||
// either very heavy use or a DOS attempt
|
||||
|
||||
die();
|
||||
|
||||
}
|
||||
|
||||
mkdir($p_dict_path);
|
||||
chmod($p_dict_path, 02770);
|
||||
}
|
||||
@@ -83,8 +113,11 @@
|
||||
}
|
||||
}
|
||||
|
||||
// as an additional precaution check the aspell_args for illegal
|
||||
// characters
|
||||
$aspell_args = preg_replace( "/[|><;\$]+/", '', $aspell_args );
|
||||
$aspelldictionaries = "$aspell dump dicts";
|
||||
$aspellcommand = "$aspell $aspell_args < $temptext";
|
||||
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user