From 02726fdf69922e0bc5d4c62738c5a6ffea1851c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Wed, 17 Jun 2026 22:38:41 +0200
Subject: [PATCH] Sanatize SVG files, even when they try to hide themselves with a different extension
---
 src/Services/Attachments/AttachmentSubmitHandler.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/Services/Attachments/AttachmentSubmitHandler.php b/src/Services/Attachments/AttachmentSubmitHandler.php
index 2e40f1f5..1b90091f 100644
--- a/src/Services/Attachments/AttachmentSubmitHandler.php
+++ b/src/Services/Attachments/AttachmentSubmitHandler.php
@@ -543,8 +543,10 @@ class AttachmentSubmitHandler
 return $attachment;
 }
+ $guessed_mime_type = $this->mimeTypes->guessMimeType($path);
+
 //Check if the file is an SVG
- if ($attachment->getExtension() === "svg") {
+ if ($guessed_mime_type === "image/svg+xml" || $attachment->getExtension() === "svg") {
 $this->SVGSanitizer->sanitizeFile($path);
 }
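Review bot: The new condition matches only the exact string `image/svg+xml`, so the sanitizer is still skipped when the guesser reports an SVG document under another type (a generic XML or text type) or returns null, and the file has a non-svg extension. Content sniffing is best-effort, so I would treat the XML-family results as SVG candidates too, e.g. `if (in_array($guessed_mime_type, ['image/svg+xml', 'text/xml', 'application/xml'], true) || $attachment->getExtension() === "svg") {`, after confirming that the sanitizer leaves non-SVG XML attachments usable. It is also worth checking whether `guessMimeType()` can throw at this point (unreadable path, no guesser available), since that would now abort the upload step, and adding a test that submits SVG content under a different extension. The enclosing method starts and ends outside the hunk, so how `$path` is set and how the stored file is later served are not visible here.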