11 changes: 10 additions & 1 deletion
11
Services/MediaObjects/classes/class.ilObjMediaObjectGUI.php
fixed bug #20339, sanitize svg
Alex Killing
committed
Apr 5, 2017
1 parent
d4ac6f4
commit ac223e9
Showing
16 changed files
with
2,557 additions
and
1 deletion.
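--- a/Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php
+++ b/Services/MediaObjects/classes/class.ilMediaSvgSanitizer.php
@@ -0,0 +1,56 @@
+<?php
+
+/* Copyright (c) 1998-2017 ILIAS open source, GPL, see docs/LICENSE */
+
+use enshrined\svgSanitize\Sanitizer;
+
+/**
+ * Small wrapper for svg sanitizer
+ *
+ * @author Alex Killing <alex.killing@gmx.de>
+ * @version $Id$
+ *
+ * @ingroup ServicesMediaObjects
+ */
+class ilMediaSvgSanitizer
+{
+    /**
+     * Sanitize (temporary solution for sec issue 20339, ILIAS 5.0-5.2, not using composer autoloading yet)
+     *
+     * @param string $a_file file to be sanitized
+     */
+    static function sanitizeFile($a_file)
+    {
+        include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/AttributeInterface.php");
+        include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/TagInterface.php");
+        include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/AllowedTags.php");
+        include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/data/AllowedAttributes.php");
+        include_once("./Services/MediaObjects/lib/svg-sanitizer-master/src/Sanitizer.php");
+
+        $sanitizer = new Sanitizer();
+        $dirtySVG = file_get_contents($a_file);
+        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+        file_put_contents($a_file, $cleanSVG);
+    }
+
+    /**
+     * Sanitize directory recursively
+     *
+     * @param $a_path
+     */
+    static function sanitizeDir($a_path)
+    {
+        $path = realpath($a_path);
+
+        $objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::SELF_FIRST);
+        foreach($objects as $name => $object)
+        {
+            if (strtolower(pathinfo($name, PATHINFO_EXTENSION)) == "svg")
+            {
+                self::sanitizeFile($name);
+            }
+        }
+    }
+}
+
+?>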
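Review bot: sanitizeFile never checks its results: a failed `file_get_contents` yields `false`, and if `sanitize()` returns `false` for input it cannot parse (the library documents this; confirm for the vendored snapshot), `file_put_contents($a_file, $cleanSVG)` silently truncates the upload to an empty file. That fails closed, but neither sanitizeDir nor the caller in ilObjMediaObjectGUI (whose hunk is not shown here) can distinguish a sanitized file from a destroyed one or from a write that did not happen. Check both values and report, e.g. `if ($dirtySVG === false || $cleanSVG === false) { return false; }` before the write, with a matching `@return bool` in the docblock. In sanitizeDir, `realpath($a_path)` returns `false` for a missing directory and is passed straight to RecursiveDirectoryIterator, so the failure surfaces as an iterator exception rather than a clear error; guard with `if ($path === false) { return; }`. As a point of style, the comparison on the extension check should be `=== "svg"`, and the trailing `?>` should be dropped since any whitespace after it is emitted as output.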
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| /vendor | ||
| /build |
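--- a/Services/MediaObjects/lib/svg-sanitizer-master/.travis.yml
+++ b/Services/MediaObjects/lib/svg-sanitizer-master/.travis.yml
@@ -0,0 +1,19 @@
+language: php
+php:
+  - 5.3
+  - 5.4
+  - 5.5
+  - 5.6
+  - 7.0
+  - hhvm
+
+before_script:
+  - composer install --dev
+
+addons:
+  code_climate:
+    repo_token: c051f6d29cce2d4ab0d6dfa460798b050cced025311f94ab3ba1ed50c7ceb31e
+
+after_script:
+  - CODECLIMATE_REPO_TOKEN="c051f6d29cce2d4ab0d6dfa460798b050cced025311f94ab3ba1ed50c7ceb31e" vendor/bin/test-reporter --stdout > build/logs/codeclimate.json
+  - "curl --verbose -X POST -d @build/logs/codeclimate.json -H 'Content-Type: application/json' -H 'User-Agent: Code Climate (PHP Test Reporter v0.1.1)' https://codeclimate.com/test_reports"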