Fix uploads and displaying of malicious SVG files

This commit is contained in:
Chris Hunt
2025-07-13 17:00:23 +01:00
parent d1801d1088
commit 2df58472a1
29 changed files with 21703 additions and 12651 deletions

51
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "5382a1b98508764ed864abf78b69684c",
"content-hash": "359cb52315ea7083764b22c6e1bd8a0c",
"packages": [
{
"name": "aws/aws-crt-php",
@@ -727,6 +727,51 @@
],
"time": "2025-03-06T22:45:56+00:00"
},
{
"name": "enshrined/svg-sanitize",
"version": "0.21.0",
"source": {
"type": "git",
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
"reference": "5e477468fac5c5ce933dce53af3e8e4e58dcccc9"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/5e477468fac5c5ce933dce53af3e8e4e58dcccc9",
"reference": "5e477468fac5c5ce933dce53af3e8e4e58dcccc9",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-libxml": "*",
"php": "^7.1 || ^8.0"
},
"require-dev": {
"phpunit/phpunit": "^6.5 || ^8.5"
},
"type": "library",
"autoload": {
"psr-4": {
"enshrined\\svgSanitize\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"GPL-2.0-or-later"
],
"authors": [
{
"name": "Daryll Doyle",
"email": "daryll@enshrined.co.uk"
}
],
"description": "An SVG sanitizer for PHP",
"support": {
"issues": "https://github.com/darylldoyle/svg-sanitizer/issues",
"source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.21.0"
},
"time": "2025-01-13T09:32:25+00:00"
},
{
"name": "filp/whoops",
"version": "2.18.3",
@@ -10288,8 +10333,8 @@
"prefer-lowest": false,
"platform": {
"php": "^8.2",
"ext-json": "*",
"ext-intl": "*"
"ext-intl": "*",
"ext-json": "*"
},
"platform-dev": [],
"plugin-api-version": "2.3.0"