Merge branch 'rhymix:master' into master

common/framework/Security.php

@@ -38,6 +38,12 @@ class Security
 				if (!utf8_check($input)) return false;
 				return Filters\FilenameFilter::clean($input);
 
+			// Clean up SVG content to prevent various attacks.
+			case 'svg':
+				if (!utf8_check($input)) return false;
+				$sanitizer = new \enshrined\svgSanitize\Sanitizer();
+				return strval($sanitizer->sanitize($input));
+
 			// Unknown filters.
 			default:
 				throw new Exception('Unknown filter type for sanitize: ' . $type);

common/framework/filters/FileContentFilter.php

@@ -44,7 +44,7 @@ class FileContentFilter
 		$skip_xml = preg_match('/^(hwpx)$/', $ext);
 
 		// Check SVG files.
-		if (($ext === 'svg' || $is_xml) && !self::_checkSVG($fp, 0, $filesize))
+		if (($ext === 'svg' || $is_xml) && !self::_checkSVG($fp, 0, $filesize, $ext))
 		{
 			fclose($fp);
 			return false;
@@ -89,11 +89,12 @@ class FileContentFilter
 	 * @param resource $fp
 	 * @param int $from
 	 * @param int $to
+	 * @param string $ext
 	 * @return bool
 	 */
-	protected static function _checkSVG($fp, $from, $to)
+	protected static function _checkSVG($fp, $from, $to, $ext)
 	{
-		if (self::_matchStream('/(?:<|&lt;)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to))
+		if (self::_matchStream('/(?:<|&lt;|:)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|(?:\s|:)href\s*=\s*"(?!data:)/i', $fp, $from, $to))
 		{
 			return false;
 		}

common/framework/parsers/ConfigParser.php

@@ -184,6 +184,8 @@ class ConfigParser
 		if (isset($db_info->use_ssl) && in_array($db_info->use_ssl, ['always', 'optional']))
 		{
 			$config['url']['ssl'] = 'always';
+			$config['session']['use_ssl'] = true;
+			$config['session']['use_ssl_cookies'] = true;
 		}
 		else
 		{