fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'security/rve-2026-2'

Browse source
This commit is contained in:
Kijin Sung 2026-02-25 20:39:06 +09:00
commit 74b9533281
4 changed files with 29 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/file/file.controller.php
View file

@ -551,7 +551,7 @@ class FileController extends File
{
$download_type = 'inline';
}
if (Context::get('force_download') === 'Y')
if ($mime_type === 'image/svg+xml' || Context::get('force_download') === 'Y')
{
$download_type = 'attachment';
}
@ -936,6 +936,14 @@ class FileController extends File
}
}
// Sanitize SVG
if(!$manual_insert && !$this->user->isAdmin() && ($file_info['type'] === 'image/svg+xml' || $file_info['extension'] === 'svg'))
{
$dirty_svg = Rhymix\Framework\Storage::read($file_info['tmp_name']);
$clean_svg = Rhymix\Framework\Security::sanitize($dirty_svg, 'svg');
Rhymix\Framework\Storage::write($file_info['tmp_name'], $clean_svg);
}
// Adjust
if(!$manual_insert)
{