mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2026-07-05 17:01:35 +00:00
Sanatize SVG files, even when they try to hide themselves with a different extension
This commit is contained in:
parent
98df91d785
commit
02726fdf69
1 changed files with 3 additions and 1 deletions
|
|
@ -543,8 +543,10 @@ class AttachmentSubmitHandler
|
||||||
return $attachment;
|
return $attachment;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$guessed_mime_type = $this->mimeTypes->guessMimeType($path);
|
||||||
|
|
||||||
//Check if the file is an SVG
|
//Check if the file is an SVG
|
||||||
if ($attachment->getExtension() === "svg") {
|
if ($guessed_mime_type === "image/svg+xml" || $attachment->getExtension() === "svg") {
|
||||||
$this->SVGSanitizer->sanitizeFile($path);
|
$this->SVGSanitizer->sanitizeFile($path);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue