Clientbase
/
PHPWord
mirror of https://github.com/basemaster/PHPWord.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Temporary files naming logic in PHPWord_Template can lead to a collision (GH-38)

This commit is contained in:
Progi1984 2013-12-15 14:58:44 +01:00
parent 9557dd9da8
commit 95f16cc3a5
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Classes/PHPWord/Template.php
View File

@ -63,9 +63,8 @@ class PHPWord_Template {
* @param string $strFilename * @param string $strFilename
*/ */
public function __construct($strFilename) { public function __construct($strFilename) {
$path = dirname($strFilename); $this->_tempFileName = tempnam(sys_get_temp_dir(), '');
$this->_tempFileName = $path.DIRECTORY_SEPARATOR.time().'.docx'; if ($this->_tempFileName !== false) {
// Copy the source File to the temp File // Copy the source File to the temp File
if(!copy($strFilename, $this->_tempFileName)){ if(!copy($strFilename, $this->_tempFileName)){
throw new PHPWord_Exception('Could not copy the template from '.$strFilename.' to '.$this->_tempFileName.'.'); throw new PHPWord_Exception('Could not copy the template from '.$strFilename.' to '.$this->_tempFileName.'.');
@ -75,6 +74,9 @@ class PHPWord_Template {
$this->_objZip->open($this->_tempFileName); $this->_objZip->open($this->_tempFileName);
$this->_documentXML = $this->_objZip->getFromName('word/document.xml'); $this->_documentXML = $this->_objZip->getFromName('word/document.xml');
} else {
throw new PHPWord_Exception('Could not create temporary file with unique name in the default temporary directory.');
}
} }
/** /**

3
changelog.txt
View File

@ -23,8 +23,9 @@
************************************************************************************** **************************************************************************************
Fixed in branch for release 0.7 : Fixed in branch for release 0.7 :
- Bugfix: (RomanSyroeshko) GH-34 - PHPWord_Shared_String.IsUTF8 returns FALSE for Cyrillic UTF-8 input
- Bugfix: (RomanSyroeshko) GH-32 - "Warning: Invalid error type specified in ...\PHPWord.php on line 226" is thrown when the specified template file is not found - Bugfix: (RomanSyroeshko) GH-32 - "Warning: Invalid error type specified in ...\PHPWord.php on line 226" is thrown when the specified template file is not found
- Bugfix: (RomanSyroeshko) GH-34 - PHPWord_Shared_String.IsUTF8 returns FALSE for Cyrillic UTF-8 input
- Bugfix: (RomanSyroeshko) GH-38 - Temporary files naming logic in PHPWord_Template can lead to a collision
- Feature: (Progi1984) GH-1 - Implement RTF Writer - Feature: (Progi1984) GH-1 - Implement RTF Writer
- Feature: (Progi1984) GH-2 - Implement ODT Writer - Feature: (Progi1984) GH-2 - Implement ODT Writer
- Feature: (kaystrobach) - Word2007 : Add rowspan and colspan to cells - Feature: (kaystrobach) - Word2007 : Add rowspan and colspan to cells