fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-01 00:02:21 +09:00
Code Issues Projects Releases Packages Wiki Activity

Filter more potentially malicious tags in SVG uploads

Browse source
This commit is contained in:
Kijin Sung 2023-04-10 22:51:07 +09:00
parent b88fe65d6e
commit 901bdab6a9
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
common/framework/filters/FileContentFilter.php
View file

@ -93,7 +93,7 @@ class FileContentFilter
*/
protected static function _checkSVG($fp, $from, $to)
{
if (self::_matchStream('/<script|<handler\b|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to))
if (self::_matchStream('/(?:<|&lt;)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to))
{
return false;
}