
Sanitize and minify SVG on upload to avoid XSS vulnerability
# Conflicts:
#	include/inc_lib/revision/revision.php
slackero committed Aug 19, 2021
1 parent 4db6ac2 commit b39db9c
Showing 69 changed files with 125,017 additions and 2 deletions.
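--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,8 @@
+{
+"config": {
+"vendor-dir": "include/vendor"
+},
+"require": {
+"enshrined/svg-sanitize": "^0.14.1"
+}
+}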
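Review bot: The constraint `"enshrined/svg-sanitize": "^0.14.1"` on the require line resolves to `>=0.14.1 <0.15.0` under Composer's caret rule for 0.x packages, so a later minor line of the sanitizer will never be picked up by `composer update` even though, for a library whose whole job is closing XSS bypasses, those releases are exactly the ones you want. Because this package is the only thing between an uploaded SVG and stored script execution, the constraint should be a conscious decision rather than a default: either note next to it that it must be revisited on each upgrade cycle, or widen it once a newer line has been tested against the upload path. The composer.lock added alongside pins the exact version actually vendored, so what ships is reproducible; the open question is only how future fixes reach it.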
65 changes: 65 additions & 0 deletions composer.lock


2 changes: 2 additions & 0 deletions include/inc_act/act_upload.php
Expand Up @@ -106,6 +106,8 @@
$data['f_image_height'] = $file_svg['height'];
}



}

$insert = _dbInsert('phpwcms_file', $data);
14 changes: 13 additions & 1 deletion include/inc_lib/classes/class.svg-reader.php
Expand Up @@ -25,11 +25,23 @@
* @license GPL-2.0-or-later
*/

use enshrined\svgSanitize\Sanitizer;

/**
* SVGMetadataExtractor class.
*/
class SVGMetadataExtractor {
static function getMetadata( $filename ) {
static function getMetadata( $filename, $sanitize=true ) {
if ($sanitize && is_file( $filename )) {
$sanitizer = new Sanitizer();
$sanitizer->minify(true);
$sanitizer->removeXMLTag(true);
$dirtySVG = file_get_contents( $filename );
if ($dirtySVG && ($cleanSVG = $sanitizer->sanitize( $dirtySVG ))) {
file_put_contents( $filename, trim($cleanSVG) );
}
}

$svg = new SVGReader( $filename );
return $svg->getMetadata();
}
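Review bot: The sanitizer branch on the new lines fails open: if `file_get_contents()` returns false, if `sanitize()` returns false (the value the library uses for input it cannot parse), or if the cleaned output is an empty string, the `if` is simply skipped, the unsanitized file stays on disk and metadata extraction continues as though the file were safe; the return value of `file_put_contents()` is not checked either, so a failed write ends the same way. Since the caller persists the file record right after this call (act_upload.php is outside this hunk), the safe behaviour is to refuse the upload — remove the file and return false, or throw — so that nothing unsanitized is ever stored, and to have the caller check for that result. The `$sanitize` parameter quietly restores the pre-commit behaviour for any caller passing false, so the method needs a docblock stating that such a caller takes responsibility for never serving the file inline. As a hedged aside, if the vendored version of the sanitizer exposes `removeRemoteReferences(true)`, enabling it next to `minify(true)` would also drop external references the default configuration leaves in; confirm against the vendored source before relying on it.

```php
        // … unchanged: Sanitizer construction, minify() and removeXMLTag() …
        $dirtySVG = file_get_contents( $filename );
        // Fail closed: unreadable, unparseable, empty or unwritable output must not
        // leave the original file behind, because the caller persists it afterwards.
        $cleanSVG = ($dirtySVG === false) ? false : $sanitizer->sanitize( $dirtySVG );
        if ($cleanSVG === false || trim($cleanSVG) === '' || file_put_contents( $filename, trim($cleanSVG) ) === false) {
            unlink( $filename );
            return false;
        }
        // … unchanged: SVGReader metadata extraction …
```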
1 change: 1 addition & 0 deletions include/inc_lib/default.inc.php
Expand Up @@ -150,6 +150,7 @@
// Mime-Type definitions
require_once PHPWCMS_ROOT . '/include/inc_lib/mimetype.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/revision/revision.php';
require_once PHPWCMS_ROOT . '/include/vendor/autoload.php';

phpwcms_getUserAgent();
define('BROWSER_NAME', $phpwcms['USER_AGENT']['agent']);
2 changes: 1 addition & 1 deletion include/inc_lib/revision/revision.php
Expand Up @@ -10,5 +10,5 @@
**/

define('PHPWCMS_VERSION', '1.9.26');
define('PHPWCMS_RELEASE_DATE', '2021/08/14');
define('PHPWCMS_RELEASE_DATE', '2021/08/19');
define('PHPWCMS_REVISION', '552');
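--- a/include/vendor/autoload.php
+++ b/include/vendor/autoload.php
@@ -0,0 +1,7 @@
+<?php
+
+// autoload.php @generated by Composer
+
+require_once __DIR__ . '/composer/autoload_real.php';
+
+return ComposerAutoloaderInitd9d8a20757697aec57dc4639fa16142e::getLoader();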