Migrated gritter to standardized package (#225)
[openemr.git] / phpmyadmin / file_echo.php
blob1f27bb019bc94d2d3711f9233ccca85af15cd759
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * "Echo" service to allow force downloading of exported charts (png or svg)
5 * and server status monitor settings
7 * @package PhpMyAdmin
8 */
10 define('PMA_MINIMUM_COMMON', true);
11 require_once 'libraries/common.inc.php';
13 /* For chart exporting */
14 if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
15 $allowed = array(
16 'image/png' => 'png',
17 'image/svg+xml' => 'svg',
20 /* Check whether MIME type is allowed */
21 if (! isset($allowed[$_REQUEST['type']])) {
22 PMA_fatalError(__('Invalid export type'));
26 * Check file name to match mime type and not contain new lines
27 * to prevent response splitting.
29 $extension = $allowed[$_REQUEST['type']];
30 $valid_match = '/^[^\n\r]*\.' . $extension . '$/';
31 if (! preg_match($valid_match, $_REQUEST['filename'])) {
32 if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
33 /* Filename is unsafe, discard it */
34 $filename = 'download.' . $extension;
35 } else {
36 /* Add extension */
37 $filename = $_REQUEST['filename'] . '.' . $extension;
39 } else {
40 /* Filename from request should be safe here */
41 $filename = $_REQUEST['filename'];
44 /** @var PMA_String $pmaString */
45 $pmaString = $GLOBALS['PMA_String'];
47 /* Decode data */
48 if ($extension != 'svg') {
49 $data = /*overload*/mb_substr(
50 $_REQUEST['image'],
51 /*overload*/mb_strpos($_REQUEST['image'], ',') + 1
53 $data = base64_decode($data);
54 } else {
55 $data = $_REQUEST['image'];
58 /* Send download header */
59 PMA_downloadHeader(
60 $filename,
61 $_REQUEST['type'],
62 /*overload*/mb_strlen($data)
65 /* Send data */
66 echo $data;
68 } else if (isset($_REQUEST['monitorconfig'])) {
69 /* For monitor chart config export */
70 PMA_downloadHeader('monitor.cfg', 'application/force-download');
71 echo urldecode($_REQUEST['monitorconfig']);
73 } else if (isset($_REQUEST['import'])) {
74 /* For monitor chart config import */
75 header('Content-type: text/plain');
76 if (!file_exists($_FILES['file']['tmp_name'])) {
77 exit();
79 echo file_get_contents($_FILES['file']['tmp_name']);