Docs/antiword.php

   1 | <?php
   2 /*
   3 (C) 2005 Vidar Løkken <vidarlo@vestdata.no>
   4
   5 V.3: I've added escapeshellcmd to all user input that shows up directly
   6 in exec()
   7 */
   8 switch ($_REQUEST['output']) {
   9 case "PostScript":
  10    $output=escapeshellcmd("-p $_REQUEST[paper]");
  11    break;
  12 case "PDF":
  13    $output=escapeshellcmd("-a $_REQUEST[paper]");
  14    $pdf=1;
  15    break;
  16 case "InLine":
  17    $output="-t";
  18    break;
  19 }
  20 if (isset($_FILES['userfile']['name'])) {
  21   $uploaddir = '/tmp/';
  22   $uploadfile = $uploaddir . $_FILES['userfile']['name'];
  23   $userfile =  $_FILES['userfile']['name'];
  24   if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) {
  25     $delims=".";
  26     if (strstr($output,"-p")) {
  27       $psfile=strtok($userfile,$delims).".ps";
  28       header("Content-Type: Application/PostScript");
  29       header("Content-Disposition: attachment; filename=".$psfile);
  30       $file=escapeshellcmd($uploadfile);
  31       $command="antiword $output $file";
  32       passthru($command);
  33       unlink($uploadfile);
  34     } elseif (strstr($output,"-a")) {
  35       $psfile=strtok($userfile,$delims).".pdf";
  36       header("Content-Type: Application/PDF");
  37       //      header("Content-Disposition: attachment; filename=".$psfile);
  38       //      $command="antiword $output $uploadfile";
  39       $file=escapeshellcmd($uploadfile);
  40       $command="antiword $output $file";
  41       passthru($command);
  42       unlink($uploadfile);
  43     } else {
  44       echo "<pre>";
  45       $file=escapeshellcmd($uploadfile);
  46       $command="antiword $output $file";
  47       //      echo $command;
  48       //      $command="antiword $output $uploadfile";
  49       passthru($command);
  50       unlink($uploadfile);
  51     }
  52   }
  53   elseif (isset($_REQUEST['url'])) {
  54     echo $command;
  55     $url=$_REQUEST['url'];
  56     $uri=escapeshellcmd($_REQUEST['url']);
  57     $delim="/";
  58     $docfile=explode($delim,$uri);
  59     exec("wget -O /tmp/$docfile $url");
  60     if (strstr($output,"-p")) {
  61       $psfile=strtok(end($docfile),".").".ps";
  62       $safe=escapeshellcmd($docfile);
  63       $command="antiword $output /tmp/$safe";
  64       header("Content-Type: Application/PostScript");
  65       header("Content-Disposition: attachment; filename=".$psfile);
  66       passthru($command);
  67       @@      unlink("/tmp/$docfile");
  68     } elseif (strstr($output,"-a")) {
  69       $psfile=strtok(end($docfile),".").".pdf";
  70       $safe=escapeshellcmd($docfile);
  71       $command="antiword $output /tmp/$safe";
  72       header("Content-Type: Application/PDF");
  73       header("Content-Disposition: attachment; filename=".$psfile);
  74       passthru($command);
  75 @@      unlink("/tmp/$docfile");
  76     } else {
  77       echo "<pre>";
  78       $safe=escapeshellcmd($docfile);
  79       $command="antiword $output /tmp/$safe";
  80       passthru($command);
  81 @@      unlink("/tmp/$docfile");
  82     }
  83   }
  84 }
  85 if (!isset($_FILES['userfile']['name'])) {
  86   ?>
  87 <p>
  88    This script converts a word file (most versions supported) into a
  89 pure ASCII, a PDF or a PostScript version. Currently, only PostScript
  90 and PDF carry images, and those images might be distorted or such. It's
  91 based on the nice program antiword. see <a
  92 href=http://antiword.cjb.net>antiword.cjb.net</a> for more information
  93 about antiword. Currently, max file size is 3MiB for the upload. This
  94 should be enough!
  95 </p><p>Currently, I tend to end up with the ascii version being 1/100th
  96 of the word document, and the pdf/ps versions being 1/10th of the size.
  97 So if you're gonna send me a word document, rethink that. I'll not read
  98 it. I'll read ascii, and probably pdf/ps too.</p>
  99 </p>
 100 <form enctype="multipart/form-data" action="antiword.php" method="post">
 101   <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
 102   URL:<br /><input type="text" name="url" size=50 /><br />
 103   Send this file:<br /> <input name="userfile" type="file"/>
 104   <br />Output: <br />
 105   <SELECT name="output">
 106   <OPTGROUP>
 107   <OPTION name=txt>InLine</OPTION>
 108   <OPTION name=ps>PostScript</OPTION>
 109   <OPTION name=PDF>PDF</OPTION>
 110   </OPTGROUP>
 111   </SELECT>
 112 Papersize: <SELECT name="paper"/>
 113 <OPTGROUP>
 114 <OPTION>a4</OPTION>
 115 <OPTION>a3</OPTION>
 116 <OPTION>a5</OPTION>
 117 <OPTION>b4</OPTION>
 118 <OPTION>b5</OPTION>
 119 <OPTION>10x14</OPTION>
 120 <OPTION>executive</OPTION>
 121 <OPTION>folio</OPTION>
 122 <OPTION>legal</OPTION>
 123 <OPTION>letter</OPTION>
 124 <OPTION>note</OPTION>
 125 <OPTION>quarto</OPTION>
 126 <OPTION>statement</OPTION>
 127 <OPTION>tabloid</OPTION>
 128 </select>
 129 <br />
 130   <input type="submit" value="Send File" />
 131   </form>
 132 <p>This is running <a href="http://antiword.cjb.net">antiword</a> 0.36. <br>
 133    Please drop me a note at antiword (at) bitsex.net if you have
 134 comments for this.
 135 <hr>
 136 <font size=-1>(C)Vidar L&oslash;kken 2005</font>
 137 <!-- Version: 0.2 as of 19. oct. 2005 -->
 138 <?php
 139 }
 140 ?>
 141 |