Use enshrined\svgSanitize to clean SVG file content

2026-04-02 01:52:10 +09:00 · 2026-02-20 21:55:29 +09:00 · 2026-02-20 21:55:29 +09:00 · bf2df84d0f
commit bf2df84d0f
parent a18b45f0f8
2 changed files with 14 additions and 0 deletions
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@ -936,6 +936,14 @@ class FileController extends File
 			}
 		}

+		// Sanitize SVG
+		if(!$manual_insert && !$this->user->isAdmin() && ($file_info['type'] === 'image/svg+xml' || $file_info['extension'] === 'svg'))
+		{
+			$dirty_svg = Rhymix\Framework\Storage::read($file_info['tmp_name']);
+			$clean_svg = Rhymix\Framework\Security::sanitize($dirty_svg, 'svg');
+			Rhymix\Framework\Storage::write($file_info['tmp_name'], $clean_svg);
+		}
+
 		// Adjust
 		if(!$manual_insert)
 		{