fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Strip namespace prefixes before checking dangerous tags in SVG

Browse source
This commit is contained in:
Kijin Sung 2026-02-20 21:40:37 +09:00
parent c5d453a2df
commit a18b45f0f8
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
common/framework/filters/FileContentFilter.php
View file

@ -44,7 +44,7 @@ class FileContentFilter
$skip_xml = preg_match('/^(hwpx)$/', $ext);
// Check SVG files.
if (($ext === 'svg' || $is_xml) && !self::_checkSVG($fp, 0, $filesize))
if (($ext === 'svg' || $is_xml) && !self::_checkSVG($fp, 0, $filesize, $ext))
{
fclose($fp);
return false;
@ -89,11 +89,12 @@ class FileContentFilter
* @param resource $fp
* @param int $from
* @param int $to
* @param string $ext
* @return bool
*/
protected static function _checkSVG($fp, $from, $to)
protected static function _checkSVG($fp, $from, $to, $ext)
{
if (self::_matchStream('/(?:<|&lt;)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to))
if (self::_matchStream('/(?:<|&lt;|:)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|(?:\s|:)href\s*=\s*"(?!data:)/i', $fp, $from, $to))
{
return false;
}