Fix uploads and displaying of malicious SVG files

Chris Hunt
2025-07-13 17:00:23 +01:00
parent d1801d1088
commit 2df58472a1
29 changed files with 21703 additions and 12651 deletions


@@ -1,6 +1,7 @@
<?php
use Illuminate\Support\Str;
use enshrined\svgSanitize\Sanitizer;
/**
* @param $bytes
@@ -129,7 +130,11 @@ function isImage(string $file, string $extension): bool
fwrite($handle, $file);
fclose($handle);
if ($extension == 'svg') {
if ($extension === 'svg') {
$sanitizer = new Sanitizer();
$sanitizedSvg = $sanitizer->sanitize(file_get_contents($tempFileName));
file_put_contents($tempFileName, $sanitizedSvg);
return 'image/svg+xml' === mime_content_type($tempFileName);
}
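Review bot: The result of `$sanitizer->sanitize(...)` is passed straight to `file_put_contents($tempFileName, $sanitizedSvg)`, but the sanitizer returns `false` when the input cannot be parsed as XML, so an unparseable upload is refused only incidentally by the later MIME check on an emptied file. Adding `if ($sanitizedSvg === false) { return false; }` before the write makes that rejection deliberate and fail-closed. The cleaned markup also exists only in the temp file and `isImage()` returns a bool, so the caller's `$file` bytes are still the unsanitized original; whichever code stores or serves the upload has to sanitize again or reuse this output, and that is not visible in this hunk. Calling `$sanitizer->removeRemoteReferences(true);` before sanitizing would additionally strip references to external resources. `isImage()` starts and ends outside the hunk, so the handling of the temp file after this branch could not be checked.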