Increase JPG/PNG size to 800px
+ 1
− 1
@@ -231,7 +231,7 @@ class Lockup extends \ActiveRecord\Model {
@@ -231,7 +231,7 @@ class Lockup extends \ActiveRecord\Model {
exec('inkscape -h200 --export-png=' . $new_png . ' ' . $starting_svg . ' 2>&1', $backend_output, $return_var);
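Review bot: On the exec() line, $new_png and $starting_svg are concatenated into the shell command unquoted, so a path containing whitespace or shell metacharacters is split or interpreted by the shell instead of reaching inkscape as one argument. Wrap each value, for example '--export-png=' . escapeshellarg($new_png) . ' ' . escapeshellarg($starting_svg). Because 2>&1 folds error text into $backend_output, also confirm that $return_var is checked after the call so a failed export is not treated as success.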
Not really related to this specific PR, but I would look into escaping the parameters, $new_png and $starting_svg. It looks like the structure of $new_png does not allow for an injection attack, but $new_png is more vulnerable. While $new_png is being somewhat escaped by getOrganizationFilename(), there may still be room to improve. I'd suggest escapeshellarg() just to make sure. The same goes for all calls to exec.

Awesome, yeah that's good feedback. Open an issue and I or you or someone else can develop a solution :)
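
The escaping suggested in the review comment above, shown beside the unescaped form, as an added example that is not code from this PR or the project. The helper names build_inkscape_cmd and render_png and the sample paths are hypothetical; the quoting described is escapeshellarg()'s behaviour on Unix-like systems.

```php
<?php
// Added example: hypothetical helpers, not the project's own code.

// Build the command with every variable part passed through escapeshellarg(),
// which wraps the value in single quotes and escapes embedded single quotes,
// so the shell hands it to inkscape as one literal argument.
function build_inkscape_cmd(string $new_png, string $starting_svg): string
{
    return 'inkscape -h200 --export-png=' . escapeshellarg($new_png)
        . ' ' . escapeshellarg($starting_svg) . ' 2>&1';
}

// Run the export and fail loudly when inkscape returns a non-zero status.
function render_png(string $new_png, string $starting_svg): void
{
    exec(build_inkscape_cmd($new_png, $starting_svg), $backend_output, $return_var);
    if ($return_var !== 0) {
        throw new RuntimeException("inkscape failed:\n" . implode("\n", $backend_output));
    }
}

// Constructed input: a filename with spaces and a shell metacharacter.
$starting_svg = '/tmp/lockups/Dept of Art; echo injected.svg';
$new_png      = '/tmp/lockups/Dept of Art; echo injected.png';

// Unescaped, as on the line under review: the shell splits at spaces and ';'.
echo 'inkscape -h200 --export-png=' . $new_png . ' ' . $starting_svg . " 2>&1\n";

// Escaped: each path stays a single quoted argument.
echo build_inkscape_cmd($new_png, $starting_svg), "\n";
```

The script only prints the two command strings for comparison; render_png is defined but not called, so inkscape does not need to be installed to see the difference.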