From 0d0c88c4806280ac9b70a299d6e3099269c9bc54 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Fri, 2 Jun 2023 12:55:11 -0500
Subject: [PATCH] Sanitize uploaded SVG files
---
 main/inc/lib/fileUpload.lib.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/main/inc/lib/fileUpload.lib.php b/main/inc/lib/fileUpload.lib.php
index 4cb975c65a..092ff7a350 100755
--- a/main/inc/lib/fileUpload.lib.php
+++ b/main/inc/lib/fileUpload.lib.php
@@ -12,6 +12,8 @@
 * @todo test and reorganise
 */
+use enshrined\svgSanitize\Sanitizer;
+
 /**
 * Changes the file name extension from .php to .phps
 * Useful for securing a site.
@@ -191,6 +193,22 @@ function process_uploaded_file($uploaded_file, $show_output = true)
 return true;
 }
+function sanitizeSvgFile(string $fullPath)
+{
+ $fileType = mime_content_type($fullPath);
+ if ('image/svg+xml' !== $fileType) {
+ return;
+ }
+ $svgContent = file_get_contents($fullPath);
+ $sanitizer = new Sanitizer();
+ $cleanSvg = $sanitizer->sanitize($svgContent);
+ file_put_contents($fullPath, $cleanSvg);
+}
+
 /**
 * This function does the save-work for the documents.
 * It handles the uploaded file and adds the properties to the database
@@ -394,6 +412,7 @@ function handle_uploaded_document(
 $fileExists = file_exists($fullPath);
 if (moveUploadedFile($uploadedFile, $fullPath)) {
+ sanitizeSvgFile($fullPath);
 chmod($fullPath, $filePermissions);
 if ($fileExists && $docId) {
@@ -577,6 +596,7 @@ function handle_uploaded_document(
 $filePath = $uploadPath.$fileSystemName;
 if (moveUploadedFile($uploadedFile, $fullPath)) {
+ sanitizeSvgFile($fullPath);
 chmod($fullPath, $filePermissions);
 // Put the document data in the database
 $documentId = add_document(
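Review bot: The `mime_content_type()` comparison in sanitizeSvgFile() is the only gate, and libmagic may report an SVG that begins with whitespace, a comment or a BOM, or that has no XML prolog, as `text/plain` or `text/xml`; in that case the early `return` leaves the file untouched even though it is still stored and served under its `.svg` name, so the extension should be checked alongside the MIME type. `Sanitizer::sanitize()` returns `false` when the input cannot be parsed, and neither that nor a `false` from `file_get_contents()`/`file_put_contents()` is handled, so an unparsable file is silently overwritten with an empty one and the caller never learns about it; the function also has no return type and no docblock. The rewrite below returns a bool that the two call sites in `handle_uploaded_document` can act on, and enables `removeRemoteReferences(true)` so external references are stripped along with scripts.
```php
/**
 * Rewrites an uploaded SVG in place with a sanitized copy.
 *
 * Non-SVG files are left untouched. Returns false when the file could not be
 * read, parsed or written, so callers can reject the upload instead of
 * keeping an unsanitized file on disk.
 */
function sanitizeSvgFile(string $fullPath): bool
{
    $extension = strtolower(pathinfo($fullPath, PATHINFO_EXTENSION));
    $fileType = mime_content_type($fullPath);

    // libmagic may miss an SVG without an XML prolog; the extension is what
    // makes the browser render it, so treat either signal as "this is SVG".
    if ('image/svg+xml' !== $fileType && 'svg' !== $extension) {
        return true;
    }

    $svgContent = file_get_contents($fullPath);
    if (false === $svgContent) {
        return false;
    }

    $sanitizer = new Sanitizer();
    $sanitizer->removeRemoteReferences(true);
    $cleanSvg = $sanitizer->sanitize($svgContent);

    // sanitize() returns false when the input could not be loaded as XML.
    if (false === $cleanSvg) {
        return false;
    }

    return false !== file_put_contents($fullPath, $cleanSvg);
}
```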
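Review bot: sanitizeSvgFile() is called only after moveUploadedFile() has placed the raw upload at `$fullPath`, and the same ordering appears in the later hunk at the second moveUploadedFile() call, so the unsanitized SVG briefly exists at its final location and stays there if sanitization fails, while the code continues to chmod the file and register the document. Because sanitizeSvgFile() returns nothing, the call site cannot tell; giving it a bool return and guarding with `if (!sanitizeSvgFile($fullPath)) { unlink($fullPath); return false; }` (using whatever failure value `handle_uploaded_document` already returns on its other error paths) would keep a file that could not be sanitized out of the document tree. The enclosing `handle_uploaded_document` function starts and ends outside both hunks.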