fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-11 21:12:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

Strip namespace prefixes before checking dangerous tags in SVG

Browse source
This commit is contained in:
Kijin Sung 2026-02-20 21:40:37 +09:00
parent c5d453a2df
commit a18b45f0f8
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
common/framework/filters/FileContentFilter.php
View file

@ -44,7 +44,7 @@ class FileContentFilter
$skip_xml = preg_match('/^(hwpx)$/', $ext); $skip_xml = preg_match('/^(hwpx)$/', $ext);
// Check SVG files. // Check SVG files.
if (($ext === 'svg' || $is_xml) && !self::_checkSVG($fp, 0, $filesize)) if (($ext === 'svg' || $is_xml) && !self::_checkSVG($fp, 0, $filesize, $ext))
{ {
fclose($fp); fclose($fp);
return false; return false;
@ -89,11 +89,12 @@ class FileContentFilter
* @param resource $fp * @param resource $fp
* @param int $from * @param int $from
* @param int $to * @param int $to
* @param string $ext
* @return bool * @return bool
*/ */
protected static function _checkSVG($fp, $from, $to) protected static function _checkSVG($fp, $from, $to, $ext)
{ {
if (self::_matchStream('/(?:<|&lt;)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|xlink:href\s*=\s*"(?!data:)/i', $fp, $from, $to)) if (self::_matchStream('/(?:<|&lt;|:)(?:script|iframe|foreignObject|object|embed|handler)|javascript:|(?:\s|:)href\s*=\s*"(?!data:)/i', $fp, $from, $to))
{ {
return false; return false;
} }