Sanitize SVG images
aimeos committed Jul 7, 2021
1 parent c3886c9 commit 1d72b74c904b487e91fe4ea975610dd382ddea49
Showing with 12 additions and 2 deletions.
  1. +2 −1 composer.json
  2. +9 −0 lib/mwlib/src/MW/Media/Image/Svg.php
  3. +1 −1 lib/mwlib/tests/MW/Media/Image/SvgTest.php
@@ -28,7 +28,8 @@
"nyholm/psr7": "^1.2",
"doctrine/dbal": "~2.0",
"psr/http-message": "~1.0",
"voku/portable-ascii": "^1.4"
"voku/portable-ascii": "^1.4",
"enshrined/svg-sanitize": "^0.14"
},
"require-dev": {
"php-coveralls/php-coveralls": "~2.0",
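Review bot: The constraint `^0.14` on a 0.x package resolves to >=0.14.0 <0.15.0 in Composer, so sanitizer fixes shipped in a later 0.x minor release will not arrive through `composer update` until this line is bumped by hand. This library now sits between uploaded SVG content and the rest of the media code, so stale versions matter more here than for the other entries. One option is to widen the range in the style the file already uses, `"enshrined/svg-sanitize": "~0.14"`, accepting that 0.x minors may change the API. The other is to keep the narrow range and make sure new upstream releases are tracked.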
@@ -10,6 +10,8 @@

namespace Aimeos\MW\Media\Image;

use enshrined\svgSanitize\Sanitizer;


/**
* Image class for SVG files
@@ -40,6 +42,13 @@ public function __construct( string $content, string $mimetype, array $options )
$content = $string;
}

$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences( true );

if( ( $content = $sanitizer->sanitize( $content ) ) === false ) {
throw new \Aimeos\MW\Media\Exception( 'Invalid SVG file: ' . print_r( $sanitizer->getXmlIssues(), true ) );
}

if( ( $this->svg = @simplexml_load_string( $content ) ) === false ) {
throw new \Aimeos\MW\Media\Exception( 'Invalid SVG file' );
}
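Review bot: The new exception in the constructor builds its message from `print_r( $sanitizer->getXmlIssues(), true )`, so a dump derived from the uploaded file ends up in the exception text. Where that message is displayed or logged is not visible here; if it can reach an HTML response or a log viewer, it is untrusted content of unbounded length. I would throw the same generic message as the check right below it, `throw new \Aimeos\MW\Media\Exception( 'Invalid SVG file' );`, and pass the issue list to a logger if this class has one available. The constructor starts and ends outside the hunk.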
@@ -70,7 +70,7 @@ public function testSaveContent()
$media = new \Aimeos\MW\Media\Image\Svg( $this->content, 'image/svg+xml', [] );
$result = $media->save();

$this->assertStringStartsWith( '<?xml version="1.0" standalone="yes"?>', $result );
$this->assertStringStartsWith( '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>', $result );
}
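Review bot: No test covers the sanitising itself; the only change in testSaveContent() is the expected XML declaration. A case that passes an SVG with a `<script>` element (and ideally an event-handler attribute and a remote reference) and asserts they are absent from the `save()` output would pin the behaviour this commit exists for. It would also catch a regression if the sanitizer call is later moved or removed. The fixture below is constructed for illustration; the constructor's other requirements (for example dimensions) are outside the hunk, so adjust it as needed.

```php
public function testSaveSanitized()
{
	// constructed sample: minimal SVG carrying an element the sanitizer is expected to drop
	$svg = '<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"><script>alert(1)</script><rect width="1" height="1"/></svg>';
	$media = new \Aimeos\MW\Media\Image\Svg( $svg, 'image/svg+xml', [] );

	$this->assertStringNotContainsString( '<script', $media->save() );
}
```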

