fix: validate svg file extension in addition to client mime type

requarks · Dec 25, 2021 · 57b56d3 · 57b56d3
1 parent e79e591
commit 57b56d3
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/server/models/assets.js b/server/models/assets.js
@@ -100,7 +100,13 @@ module.exports = class Asset extends Model {
     }
 
     // Sanitize SVG contents
-    if (WIKI.config.uploads.scanSVG && opts.mimetype === 'image/svg+xml') {
+    if (
+      WIKI.config.uploads.scanSVG &&
+      (
+        opts.mimetype.toLowerCase().startsWith('image/svg') ||
+        opts.ext.toLowerCase() === 'svg'
+      )
+    ) {
       const svgSanitizeJob = await WIKI.scheduler.registerJob({
         name: 'sanitize-svg',
         immediate: true,