Permalink
Browse files

Mark SVGs that become empty after sanitization as invalid

  • Loading branch information...
SeinopSys committed Dec 2, 2018
1 parent d192d53 commit 552485b1ba061af6b0940094c9b8c5bbfededb08
Showing with 2 additions and 2 deletions.
  1. +2 −2 app/CoreUtils.php
@@ -666,9 +666,9 @@ public static function validateSvg(string $svg_data){
$parser = new \DOMDocument('1.0', 'UTF-8');
libxml_use_internal_errors(true);
$parser->loadXML($svg_data);
$parser->loadXML(self::sanitizeSvg($svg_data));
libxml_use_internal_errors();
if ($parser->documentElement === null || strtolower($parser->documentElement->nodeName) !== 'svg')
if ($parser->documentElement === null || strtolower($parser->documentElement->nodeName) !== 'svg' || \count($parser->documentElement->childNodes) === 0)
return Input::ERROR_INVALID;
unset($parser);

0 comments on commit 552485b

Please sign in to comment.