From 4f15393632e138c49aaf76a3bd688e01ee40b050 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20Fa=C3=9Fbender?=
Date: Sun, 17 Oct 2021 20:12:16 +0200
Subject: [PATCH] Disallow upload of svg files because of xss attacks #1106
---
 adm_program/system/classes/TableFile.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/adm_program/system/classes/TableFile.php b/adm_program/system/classes/TableFile.php
index 9bfa7b1ef3..1448ed4389 100644
--- a/adm_program/system/classes/TableFile.php
+++ b/adm_program/system/classes/TableFile.php
@@ -32,7 +32,6 @@ class TableFile extends TableAccess
 'jpg' => array('icon' => 'fa-file-image', 'mime-type' => 'image/jpeg', 'viewable' => true),
 'jpeg' => array('icon' => 'fa-file-image', 'mime-type' => 'image/jpeg', 'viewable' => true),
 'png' => array('icon' => 'fa-file-image', 'mime-type' => 'image/png', 'viewable' => true),
- 'svg' => array('icon' => 'fa-file-image', 'mime-type' => 'image/svg+xml', 'viewable' => true),
 'tiff' => array('icon' => 'fa-file-image', 'mime-type' => 'image/tiff', 'viewable' => true),
 'doc' => array('icon' => 'fa-file-word', 'mime-type' => 'application/msword', 'viewable' => false),
 'docx' => array('icon' => 'fa-file-word', 'mime-type' => 'application/msword', 'viewable' => false),
@@ -54,7 +53,6 @@ class TableFile extends TableAccess
 'log' => array('icon' => 'fa-file-alt', 'mime-type' => 'text/plain', 'viewable' => true),
 'md' => array('icon' => 'fa-file-alt', 'mime-type' => 'text/plain', 'viewable' => true),
 'rtf' => array('icon' => 'fa-file-alt', 'mime-type' => 'text/rtf', 'viewable' => false),
- 'sql' => array('icon' => 'fa-file-alt', 'mime-type' => 'text/plain', 'viewable' => true),
 'txt' => array('icon' => 'fa-file-alt', 'mime-type' => 'text/plain', 'viewable' => true),
 'pdf' => array('icon' => 'fa-file-pdf', 'mime-type' => 'application/pdf', 'viewable' => true),
 'gz' => array('icon' => 'fa-file-archive', 'mime-type' => 'application/gzip', 'viewable' => false),