Skip to content
Snippets Groups Projects

Increase JPG/PNG size to 800px

Merged Increase JPG/PNG size to 800px
feature/issue-5 into develop
Merged Tyler R Lemburg requested to merge feature/issue-5 into develop
Compare
and
1 file
+ 1
1
Compare changes
  • Side-by-side
  • Inline
src/Models/Lockup.php
+ 1
1
@@ -231,7 +231,7 @@ class Lockup extends \ActiveRecord\Model {
@@ -231,7 +231,7 @@ class Lockup extends \ActiveRecord\Model {
$return_var = NULL;
$return_var = NULL;
exec('inkscape -h200 --export-png=' . $new_png . ' ' . $starting_svg . ' 2>&1', $backend_output, $return_var);
exec('inkscape -h800 --export-png=' . $new_png . ' ' . $starting_svg . ' 2>&1', $backend_output, $return_var);
    • Michael Fairchild
      Michael Fairchild @s-mfairch4

      Not really related to this specific PR, but I would look into escaping the parameters, $new_png and $starting_svg. It looks like the structure of $new_png does not allow for an injection attack, but $new_png is more vulnerable. While $new_png is being somewhat escaped by getOrganizationFilename(), there may still be room to improve. I'd suggest escapeshellarg() just to make sure. The same goes for all calls to exec.

Please register or sign in to reply
if ($return_var == 0) {
if ($return_var == 0) {
# attempt to write this to the DB
# attempt to write this to the DB
$file = fopen($new_png, 'r');
$file = fopen($new_png, 'r');