fixed bug #20339, sanitize svg
Alex Killing committed Apr 5, 2017
1 parent d4ac6f4 commit ac223e9
Showing 16 changed files with 2,557 additions and 1 deletion.
2 changes: 2 additions & 0 deletions Services/MediaObjects/classes/class.ilMediaObjectDataSet.php
Expand Up @@ -371,6 +371,8 @@ function importRecord($a_entity, $a_types, $a_rec, $a_mapping, $a_schema_version
$target_dir = $dir = ilObjMediaObject::_getDirectory($newObj->getId());
ilUtil::rCopy($source_dir, $target_dir);
ilObjMediaObject::renameExecutables($target_dir);
include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir($target_dir); // see #20339
}

$a_mapping->addMapping("Services/MediaObjects", "mob", $a_rec["Id"], $newObj->getId());
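Review bot: The include_once plus ilMediaSvgSanitizer::sanitizeDir() pair added after renameExecutables() here is the same two lines copied into six more places in this commit (class.ilObjMediaObject.php twice, class.ilObjMediaObjectGUI.php four times), and in every one of them it directly follows a renameExecutables() call on the same directory. Making renameExecutables() itself invoke the sanitizer — or adding one wrapper, e.g. `ilObjMediaObject::secureDir($dir)` (constructed name), that does both — leaves a single place where a media directory is hardened, so the next code path that writes into one cannot take the rename step without the SVG step. The `// see #20339` breadcrumb would then live once, next to the sanitizer call, instead of seven times. importRecord() continues outside the hunk.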
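--- /dev/null
+++ b/Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php
@@ -0,0 +1,56 @@
+<?php
+
+/* Copyright (c) 1998-2017 ILIAS open source, GPL, see docs/LICENSE */
+
+use enshrined\svgSanitize\Sanitizer;
+
+/**
+* Small wrapper for svg sanitizer
+*
+* @author Alex Killing <alex.killing@gmx.de>
+* @version $Id$
+*
+* @ingroup ServicesMediaObjects
+*/
+class ilMediaSvgSanitizer
+{
+/**
+* Sanitize (temporary solution for sec issue 20339, ILIAS 5.0-5.2, not using composer autoloading yet)
+*
+* @param string $a_file file to be sanitized
+*/
+static function sanitizeFile($a_file)
+{
+include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/AttributeInterface.php");
+include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/TagInterface.php");
+include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/AllowedTags.php");
+include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/AllowedAttributes.php");
+include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/Sanitizer.php");
+
+$sanitizer = new Sanitizer();
+$dirtySVG = file_get_contents($a_file);
+$cleanSVG = $sanitizer->sanitize($dirtySVG);
+file_put_contents($a_file, $cleanSVG);
+}
+
+/**
+* Sanitize directory recursively
+*
+* @param $a_path
+*/
+static function sanitizeDir($a_path)
+{
+$path = realpath($a_path);
+
+$objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::SELF_FIRST);
+foreach($objects as $name => $object)
+{
+if (strtolower(pathinfo($name, PATHINFO_EXTENSION)) == "svg")
+{
+self::sanitizeFile($name);
+}
+}
+}
+}
+
+?>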
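Review bot: sanitizeFile() never checks its I/O: a false from file_get_contents() goes straight into sanitize(), and the sanitizer's result — presumably false when the XML cannot be parsed — is written back unconditionally, so an unparseable file is silently truncated to empty and a failed write leaves the unsanitized original in place with no signal to the caller. Failing closed is the right outcome, but it should be explicit, and sanitizeDir() should guard against realpath() returning false before constructing RecursiveDirectoryIterator, which otherwise throws on a missing directory. The extension test in sanitizeDir() only matches ".svg", so gzip-compressed ".svgz" files, which web servers commonly serve as image/svg+xml, are not sanitized; either match them too or add a comment stating where they are rejected at upload. The vendored copy also carries upstream's .travis.yml with a Code Climate repo token, although only src/ is needed for these include_once calls. Drop the closing `?>` as well, since anything after it becomes output.
```php
static function sanitizeFile($a_file)
{
    // … unchanged: include_once lines …

    $dirtySVG = file_get_contents($a_file);
    if ($dirtySVG === false) {
        throw new RuntimeException("ilMediaSvgSanitizer: cannot read " . $a_file);
    }
    $sanitizer = new Sanitizer();
    $cleanSVG = $sanitizer->sanitize($dirtySVG);
    if ($cleanSVG === false) {
        // fail closed: an SVG the sanitizer cannot parse must not be served as-is
        $cleanSVG = "";
    }
    if (file_put_contents($a_file, $cleanSVG) === false) {
        throw new RuntimeException("ilMediaSvgSanitizer: cannot write " . $a_file);
    }
}

static function sanitizeDir($a_path)
{
    $path = realpath($a_path);
    if ($path === false || !is_dir($path)) {
        return; // nothing to sanitize
    }
    // … unchanged: directory iteration and extension check …
}
```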
6 changes: 6 additions & 0 deletions Services/MediaObjects/classes/class.ilObjMediaObject.php
Expand Up @@ -1686,6 +1686,9 @@ public static function _saveTempFileAsMediaObject($name, $tmp_name, $upload = TR
$media_item->setHAlign("Left");

self::renameExecutables($mob_dir);
include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir($mob_dir); // see #20339

$media_object->update();

return $media_object;
Expand All @@ -1705,6 +1708,9 @@ function uploadAdditionalFile($a_name, $tmp_name, $a_subdir = "", $a_mode = "mov
ilUtil::makeDirParents($dir);
ilUtil::moveUploadedFile($tmp_name, $a_name, $dir."/".$a_name, true, $a_mode);
self::renameExecutables($mob_dir);
include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir($mob_dir); // see #20339

}

/**
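Review bot: In uploadAdditionalFile() the upload is moved into the media object directory by ilUtil::moveUploadedFile() and only afterwards sanitized by sanitizeDir(), so between those two calls the unsanitized SVG already sits under the served path; _saveTempFileAsMediaObject() in the first hunk and the upload paths in class.ilObjMediaObjectGUI.php use the same order. Sanitizing the file before it reaches its final location — `ilMediaSvgSanitizer::sanitizeFile($tmp_name);` ahead of the move, if moveUploadedFile() tolerates the rewritten temp file, or staging the move through a directory that is not served — closes that window. It would also stop sanitizeDir() from re-reading and re-writing every SVG already in $mob_dir on each additional upload, which it does unconditionally. uploadAdditionalFile() starts outside the hunk.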
11 changes: 10 additions & 1 deletion Services/MediaObjects/classes/class.ilObjMediaObjectGUI.php
Expand Up @@ -176,6 +176,8 @@ function executeCommand()
ilObjMediaObject::renameExecutables(ilObjMediaObject::_getDirectory($this->object->getId())); // see #20187
$ret = $this->ctrl->forwardCommand($fs_gui);
ilObjMediaObject::renameExecutables(ilObjMediaObject::_getDirectory($this->object->getId())); // see #20187
include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir(ilObjMediaObject::_getDirectory($this->object->getId())); // see #20339
break;


Expand Down Expand Up @@ -799,6 +801,8 @@ static function setObjectPerCreationForm($a_mob)
}

ilObjMediaObject::renameExecutables($mob_dir);
include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir($mob_dir); // see #20339
$a_mob->update();
}

Expand Down Expand Up @@ -1146,7 +1150,9 @@ function savePropertiesObject()
}

ilObjMediaObject::renameExecutables(ilObjMediaObject::_getDirectory($this->object->getId()));

include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir(ilObjMediaObject::_getDirectory($this->object->getId())); // see #20339

$this->object->update();
ilUtil::sendSuccess($lng->txt("msg_obj_modified"), true);
$this->ctrl->redirect($this, "edit");
Expand Down Expand Up @@ -1391,6 +1397,9 @@ function uploadFileObject()

}
ilObjMediaObject::renameExecutables($mob_dir);
include_once("./Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php");
ilMediaSvgSanitizer::sanitizeDir($mob_dir); // see #20339

$this->ctrl->saveParameter($this, "cdir");
$this->ctrl->redirect($this, "editFiles");
}
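Review bot: In executeCommand() the directory is recomputed three times in four lines — the two pre-existing `ilObjMediaObject::_getDirectory($this->object->getId())` calls around forwardCommand() and the new one in the sanitizeDir() argument — and savePropertiesObject() repeats the same expression twice. A local `$mob_dir = ilObjMediaObject::_getDirectory($this->object->getId());` before the first use in each method would read better and match the `$mob_dir` variable the other two hunks in this file already pass. executeCommand() and savePropertiesObject() both start and end outside their hunks.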
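--- /dev/null
+++ b/Services/MediaObjects/lib/svg-sanitizer-master/.gitignore
@@ -0,0 +1,2 @@
+/vendor
+/build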
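--- /dev/null
+++ b/Services/MediaObjects/lib/svg-sanitizer-master/.travis.yml
@@ -0,0 +1,19 @@
+language: php
+php:
+- 5.3
+- 5.4
+- 5.5
+- 5.6
+- 7.0
+- hhvm
+
+before_script:
+- composer install --dev
+
+addons:
+code_climate:
+repo_token: c051f6d29cce2d4ab0d6dfa460798b050cced025311f94ab3ba1ed50c7ceb31e
+
+after_script:
+- CODECLIMATE_REPO_TOKEN="c051f6d29cce2d4ab0d6dfa460798b050cced025311f94ab3ba1ed50c7ceb31e" vendor/bin/test-reporter --stdout > build/logs/codeclimate.json
+- "curl --verbose -X POST -d @build/logs/codeclimate.json -H 'Content-Type: application/json' -H 'User-Agent: Code Climate (PHP Test Reporter v0.1.1)' https://codeclimate.com/test_reports"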