diff options
Diffstat (limited to 'lib/exe')
| -rw-r--r-- | lib/exe/ajax.php | 3 | ||||
| -rw-r--r-- | lib/exe/xmlrpc.php | 10 |
2 files changed, 9 insertions, 4 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index d4ef8dc11..f8d62cb57 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -281,7 +281,8 @@ function ajax_mediaupload(){ } $result = array('error' => $msg['msg'], 'ns' => $NS); } - echo htmlspecialchars(json_encode($result), ENT_NOQUOTES); + $json = new JSON; + echo htmlspecialchars($json->encode($result), ENT_NOQUOTES); } function dir_delete($path) { diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 8e4141d4e..e5e3298ae 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -7,7 +7,7 @@ if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); /** * Increased whenever the API is changed */ -define('DOKU_XMLRPC_API_VERSION',5); +define('DOKU_XMLRPC_API_VERSION', 6); require_once(DOKU_INC.'inc/init.php'); session_write_close(); //close session @@ -584,8 +584,12 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { // save temporary file @unlink($ftmp); - $buff = base64_decode($file); - io_saveFile($ftmp, $buff); + if (preg_match('/^[A-Za-z0-9\+\/]*={0,2}$/', $file) === 1) { + // DEPRECATED: Double-decode file if it still looks like base64 + // after first decoding (which is done by the library) + $file = base64_decode($file); + } + io_saveFile($ftmp, $file); $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename'); if (is_array($res)) { |