Patient Ledger, take 3.
[openemr.git] / phpmyadmin / file_echo.php
blobd910b74e28b660a3850cc948432bb00e9e5e12da
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * "Echo" service to allow force downloading of exported charts (png or svg)
5 * and server status monitor settings
7 * @package PhpMyAdmin
8 */
10 define('PMA_MINIMUM_COMMON', true);
11 require_once 'libraries/common.inc.php';
13 /* For chart exporting */
14 if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
15 $allowed = array(
16 'image/png' => 'png',
17 'image/svg+xml' => 'svg',
20 /* Check whether MIME type is allowed */
21 if (! isset($allowed[$_REQUEST['type']])) {
22 PMA_fatalError(__('Invalid export type'));
26 * Check file name to match mime type and not contain new lines
27 * to prevent response splitting.
29 $extension = $allowed[$_REQUEST['type']];
30 $valid_match = '/^[^\n\r]*\.' . $extension . '$/';
31 if (! preg_match($valid_match, $_REQUEST['filename'])) {
32 if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
33 /* Filename is unsafe, discard it */
34 $filename = 'download.' . $extension;
35 } else {
36 /* Add extension */
37 $filename = $_REQUEST['filename'] . '.' . $extension;
39 } else {
40 /* Filename from request should be safe here */
41 $filename = $_REQUEST['filename'];
44 /* Decode data */
45 if ($extension != 'svg') {
46 $data = substr($_REQUEST['image'], strpos($_REQUEST['image'], ',') + 1);
47 $data = base64_decode($data);
48 } else {
49 $data = $_REQUEST['image'];
52 /* Send download header */
53 PMA_downloadHeader($filename, $_REQUEST['type'], strlen($data));
55 /* Send data */
56 echo $data;
58 } else if (isset($_REQUEST['monitorconfig'])) {
59 /* For monitor chart config export */
60 PMA_downloadHeader('monitor.cfg', 'application/force-download');
61 echo urldecode($_REQUEST['monitorconfig']);
63 } else if (isset($_REQUEST['import'])) {
64 /* For monitor chart config import */
65 header('Content-type: text/plain');
66 if (!file_exists($_FILES['file']['tmp_name'])) {
67 exit();
69 echo file_get_contents($_FILES['file']['tmp_name']);