* This file is part of the exporting module for Highcharts JS.
* www.highcharts.com/license
* Available POST variables:
* $filename string The desired filename without extension
* $type string The MIME type for export.
* $width int The pixel width of the exported raster image. The height is calculated.
* $svg string The SVG source code to convert.
define ('BATIK_PATH', 'batik-rasterizer.jar');
///////////////////////////////////////////////////////////////////////////////
// NOTE(review): magic_quotes_gpc is applied to request data before the script starts, so this
// runtime ini_set() does not undo it; the get_magic_quotes_gpc() / stripslashes() step on $svg
// further down is what compensates for escaped input.
ini_set('magic_quotes_gpc', 'off');
$type = $_POST['type'];
$svg = (string) $_POST['svg'];
$filename = (string) $_POST['filename'];
// Allowlist for the download filename, which is later interpolated into the
// Content-Disposition header.
// NOTE(review): in PCRE, `$` also matches just before a final newline; anchoring with `\z`
// (or adding the D modifier) makes the allowlist exact.
if (!$filename or !preg_match('/^[A-Za-z0-9\-_ ]+$/', $filename)) {
if (get_magic_quotes_gpc()) {
$svg = stripslashes($svg);
// check for malicious attack in SVG
// Substring denylist on the raw SVG text: rejects any document that declares a DTD or an entity.
// NOTE(review): this filter runs separately from the XML parser that later reads the file;
// turning off DTD and external-entity processing in the rasterizer itself is the stronger control.
if(strpos($svg,"<!ENTITY") !== false || strpos($svg,"<!DOCTYPE") !== false){
exit("Execution is topped, the posted SVG could contain code for a malicious attack");
// Base name shared by the temporary input (temp/<name>.svg) and the converted output file.
// NOTE(review): rand() is not a cryptographic generator, so the name is guessable and two
// concurrent requests can collide; random_bytes() or tempnam() gives unpredictable, unique names.
$tempName = md5(rand());
// allow no other than predefined types
if ($type == 'image/png') {
$typeString = '-m image/png';
} elseif ($type == 'image/jpeg') {
$typeString = '-m image/jpeg';
} elseif ($type == 'application/pdf') {
$typeString = '-m application/pdf';
} elseif ($type == 'image/svg+xml') {
} else { // prevent fallthrough from global variables
$outfile = "temp/$tempName.$ext";
if (isset($typeString)) {
if ($_POST['width']) {
$width = (int)$_POST['width'];
if ($width) $width = "-w $width";
// generate the temporary file
// Write the posted SVG to temp/<name>.svg so the rasterizer can read it from disk.
// NOTE(review): the error text below recommends mode 777 on the temp directory; write access
// for the web server account alone is sufficient, and the directory should not be served
// or executable through the web server.
if (!file_put_contents("temp/$tempName.svg", $svg)) {
die("Couldn't create temporary file. Check that the directory permissions for
the /temp directory are set to 777.");
// Run Batik through the shell. The command line is assembled by string interpolation:
// $typeString comes from fixed literals, $tempName is an md5 hex digest, and $width, when
// set from the request, is "-w " plus an int-cast value, so no raw POST text is visible in
// the command. $ext (part of $outfile) is assigned on lines not shown here.
// NOTE(review): wrapping each argument in escapeshellarg() would keep this call safe even if
// one of those upstream assignments changes.
$output = shell_exec("java -jar ". BATIK_PATH ." $typeString -d $outfile $width temp/$tempName.svg");
if (!is_file($outfile) || filesize($outfile) < 10) {
// NOTE(review): $output is whatever shell_exec() captured from the rasterizer and is echoed
// without HTML escaping; it may include server paths or stack traces. Passing it through
// htmlentities(), as is done for $svg further down, and keeping the details in a server-side
// log is safer.
echo "<pre>$output</pre>";
echo "Error while converting SVG. ";
if (strpos($output, 'SVGConverter.error.while.rasterizing.file') !== false) {
<li>Copy the SVG:<br/><textarea rows=5>" . htmlentities(str_replace('>', ">\n", $svg)) . "</textarea></li>
<li>Go to <a href='http://validator.w3.org/#validate_by_input' target='_blank'>validator.w3.org/#validate_by_input</a></li>
<li>Paste the SVG</li>
<li>Click More Options and select SVG 1.1 for Use Doctype</li>
<li>Click the Check button</li>
header("Content-Disposition: attachment; filename=\"$filename.$ext\"");
// $type is request data echoed into a response header. NOTE(review): this line appears to sit
// inside the isset($typeString) branch, where $type has already matched one of the literal
// MIME types — confirm against the lines not shown; emitting the matched literal instead of
// $type would remove the dependency.
header("Content-Type: $type");
echo file_get_contents($outfile);
unlink("temp/$tempName.svg");
// SVG can be streamed directly back
} else if ($ext == 'svg') {
header("Content-Disposition: attachment; filename=\"$filename.$ext\"");
header("Content-Type: $type");