From bf2df84d0f2209313a50348e01b90c89fb1e78d5 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Fri, 20 Feb 2026 21:55:29 +0900
Subject: [PATCH] Use enshrined\svgSanitize to clean SVG file content
---
 common/framework/Security.php | 6 ++++++
 modules/file/file.controller.php | 8 ++++++++
 2 files changed, 14 insertions(+)
diff --git a/common/framework/Security.php b/common/framework/Security.php
index d5e0802cd..6871af61e 100644
--- a/common/framework/Security.php
+++ b/common/framework/Security.php
@@ -38,6 +38,12 @@ class Security
 if (!utf8_check($input)) return false;
 return Filters\FilenameFilter::clean($input);
+ // Clean up SVG content to prevent various attacks.
+ case 'svg':
+ if (!utf8_check($input)) return false;
+ $sanitizer = new \enshrined\svgSanitize\Sanitizer();
+ return strval($sanitizer->sanitize($input));
+
 // Unknown filters.
 default:
 throw new Exception('Unknown filter type for sanitize: ' . $type);
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index 1e482ce9e..c42aaf6dc 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -936,6 +936,14 @@ class FileController extends File
 }
 }
+ // Sanitize SVG
+ if(!$manual_insert && !$this->user->isAdmin() && ($file_info['type'] === 'image/svg+xml' || $file_info['extension'] === 'svg'))
+ {
+ $dirty_svg = Rhymix\Framework\Storage::read($file_info['tmp_name']);
+ $clean_svg = Rhymix\Framework\Security::sanitize($dirty_svg, 'svg');
+ Rhymix\Framework\Storage::write($file_info['tmp_name'], $clean_svg);
+ }
+
 // Adjust
 if(!$manual_insert)
 {
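Review bot: The new `case 'svg'` wraps the sanitizer result in `strval()`, which turns a `false` return from `Sanitizer::sanitize()` (the library returns `false` when it cannot load the input as an XML document) into an empty string, so an unparseable upload is silently accepted as zero-byte content instead of being reported as a failure, while the `utf8_check` guard two lines above still returns `false`. Returning the failure unchanged keeps the branch consistent with the other filters: `$clean = $sanitizer->sanitize($input); return $clean === false ? false : (string)$clean;`. The sanitizer also runs with its defaults; if references to remote resources are not wanted in uploaded SVGs, `$sanitizer->removeRemoteReferences(true);` should be set before the `sanitize()` call — confirm against the library version pinned in the project. The enclosing `switch` starts and ends outside the hunk.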
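Review bot: The return values of `Storage::read` and `Security::sanitize` in the new SVG block are written back without being checked; `sanitize()` returns `false` for non-UTF-8 input (per the `utf8_check` guard in the `Security.php` hunk), and `Storage::read` presumably returns `false` on failure, so a file the sanitizer refused is overwritten with an empty temp file and the upload continues rather than being rejected. Guard both before writing, e.g. `if ($dirty_svg === false || $clean_svg === false) { /* reject the upload the same way the earlier validation failures in this method do */ }`, and check the result of `Storage::write` as well, since a failed write leaves the unsanitized original in place. The `!$this->user->isAdmin()` exemption means admin-uploaded SVGs are stored unsanitized; if that is intentional, a comment stating why would help, otherwise sanitizing regardless of role is the safer default. The enclosing method starts and ends outside the hunk.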