SVG Sanitizer Package Added

bagisto · Mar 1, 2021 · f9b51f8 · f9b51f8
1 parent b180c35
commit f9b51f8
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 28 deletions.
diff --git a/composer.json b/composer.json
@@ -25,6 +25,7 @@
         "barryvdh/laravel-debugbar": "^3.1",
         "barryvdh/laravel-dompdf": "0.8.6",
         "doctrine/dbal": "2.9.2",
+        "enshrined/svg-sanitize": "^0.14.0",
         "fideloper/proxy": "^4.2",
         "flynsarmy/db-blade-compiler": "^5.5",
         "fzaninotto/faker": "^1.4",

diff --git a/composer.lock b/composer.lock
diff --git a/packages/Webkul/Velocity/src/Http/Controllers/Admin/ConfigurationController.php b/packages/Webkul/Velocity/src/Http/Controllers/Admin/ConfigurationController.php
@@ -2,19 +2,13 @@
 
 namespace Webkul\Velocity\Http\Controllers\Admin;
 
-use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Str;
+use enshrined\svgSanitize\Sanitizer;
+use Illuminate\Support\Facades\Storage;
 use Webkul\Velocity\Repositories\VelocityMetadataRepository;
 
 class ConfigurationController extends Controller
 {
-    /**
-     * VelocityMetadataRepository object
-     *
-     * @var \Webkul\Velocity\Repositories\VelocityMetadataRepository
-     */
-    protected $velocityMetaDataRepository;
-
     /**
      * Locale
      */
@@ -25,6 +19,13 @@ class ConfigurationController extends Controller
      */
     protected $channel;
 
+    /**
+     * VelocityMetadataRepository $velocityMetaDataRepository
+     *
+     * @var \Webkul\Velocity\Repositories\VelocityMetadataRepository
+     */
+    protected $velocityMetaDataRepository;
+
     /**
      * Create a new controller instance.
      *
@@ -43,12 +44,14 @@ public function __construct (VelocityMetadataRepository $velocityMetadataReposit
     }
 
     /**
+     * Render meta data.
+     *
      * @return \Illuminate\View\View
      */
     public function renderMetaData()
-    {   
+    {
         $this->locale = request()->get('locale') ? request()->get('locale') : app()->getLocale();
-         
+
         $velocityMetaData = $this->velocityHelper->getVelocityMetaData($this->locale, $this->channel, false);
 
         if (! $velocityMetaData) {
@@ -65,6 +68,8 @@ public function renderMetaData()
     }
 
     /**
+     * Store meta data.
+     *
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
@@ -132,10 +137,11 @@ public function storeMetaData($id)
     }
 
     /**
+     * Upload advertisement images.
+     *
      * @param  array    $data
      * @param  int      $index
      * @param  array    $advertisement
-     *
      * @return array
      */
     public function uploadAdvertisementImages($data, $index, $advertisement)
@@ -152,16 +158,20 @@ public function uploadAdvertisementImages($data, $index, $advertisement)
                 if (Str::contains($imageId, 'image_')) {
                     if (request()->hasFile($file) && $image) {
                         $filter_index = substr($imageId, 6, 1);
-                        if ( isset($data[$filter_index]) ) {
+                        if (isset($data[$filter_index])) {
                             $size = array_key_last($saveData[$index]);
 
-                            $saveImage[$size + 1] = request()->file($file)->store($dir);
+                            $saveImage[$size + 1] = $path = request()->file($file)->store($dir);
                         } else {
-                            $saveImage[substr($imageId, 6, 1)] = request()->file($file)->store($dir);
+                            $saveImage[substr($imageId, 6, 1)] = $path = request()->file($file)->store($dir);
+                        }
+
+                        if ($image->getMimeType() === 'image/svg') {
+                            $this->sanitizeSVG($path);
                         }
                     }
                 } else {
-                    if ( isset($advertisement[$index][$imageId]) && $advertisement[$index][$imageId] && !request()->hasFile($file)) {
+                    if (isset($advertisement[$index][$imageId]) && $advertisement[$index][$imageId] && !request()->hasFile($file)) {
                         $saveImage[$imageId] = $advertisement[$index][$imageId];
 
                         unset($advertisement[$index][$imageId]);
@@ -200,30 +210,35 @@ public function uploadAdvertisementImages($data, $index, $advertisement)
     }
 
     /**
-     * @param  array    $data
-     * @param  int      $index
+     * Upload image.
      *
+     * @param  array    $image
+     * @param  int      $index
      * @return mixed
      */
-    public function uploadImage($data, $index)
+    public function uploadImage($image, $index)
     {
         $type = 'product_view_images';
-        $request = request();
 
-        $image = '';
         $file = $type . '.' . $index;
         $dir = "velocity/$type";
 
-        if ($request->hasFile($file)) {
+        if (request()->hasFile($file)) {
             Storage::delete($dir . $file);
 
-            $image = $request->file($file)->store($dir);
+            $imagePath = request()->file($file)->store($dir);
+
+            if ($image->getMimeType() === 'image/svg') {
+                $this->sanitizeSVG($imagePath);
+            }
         }
 
-        return $image;
+        return $imagePath ?? '';
     }
 
     /**
+     * Manage add images.
+     *
      * @param  array  $addImages
      *
      * @return array
@@ -250,22 +265,44 @@ public function manageAddImages($addImages)
         return $imagePaths;
     }
 
+    /**
+     * Create meta data.
+     *
+     * @param  string  $locale
+     * @param  string  $channel
+     *
+     * @return array
+     */
     private function createMetaData($locale, $channel)
     {
         \DB::table('velocity_meta_data')->insert([
             'locale'                   => $locale,
             'channel'                  => $channel,
             'header_content_count'     => '5',
-
             'home_page_content'        => "<p>@include('shop::home.advertisements.advertisement-four')@include('shop::home.featured-products') @include('shop::home.product-policy') @include('shop::home.advertisements.advertisement-three') @include('shop::home.new-products') @include('shop::home.advertisements.advertisement-two')</p>",
             'footer_left_content'      => __('velocity::app.admin.meta-data.footer-left-raw-content'),
-
             'footer_middle_content'    => '<div class="col-lg-6 col-md-12 col-sm-12 no-padding"><ul type="none"><li><a href="{!! url(\'page/about-us\') !!}">About Us</a></li><li><a href="{!! url(\'page/cutomer-service\') !!}">Customer Service</a></li><li><a href="{!! url(\'page/whats-new\') !!}">What&rsquo;s New</a></li><li><a href="{!! url(\'page/contact-us\') !!}">Contact Us </a></li></ul></div><div class="col-lg-6 col-md-12 col-sm-12 no-padding"><ul type="none"><li><a href="{!! url(\'page/return-policy\') !!}"> Order and Returns </a></li><li><a href="{!! url(\'page/payment-policy\') !!}"> Payment Policy </a></li><li><a href="{!! url(\'page/shipping-policy\') !!}"> Shipping Policy</a></li><li><a href="{!! url(\'page/privacy-policy\') !!}"> Privacy and Cookies Policy </a></li></ul></div>',
             'slider'                   => 1,
-
             'subscription_bar_content' => '<div class="social-icons col-lg-6"><a href="https://webkul.com" target="_blank" class="unset" rel="noopener noreferrer"><i class="fs24 within-circle rango-facebook" title="facebook"></i> </a> <a href="https://webkul.com" target="_blank" class="unset" rel="noopener noreferrer"><i class="fs24 within-circle rango-twitter" title="twitter"></i> </a> <a href="https://webkul.com" target="_blank" class="unset" rel="noopener noreferrer"><i class="fs24 within-circle rango-linked-in" title="linkedin"></i> </a> <a href="https://webkul.com" target="_blank" class="unset" rel="noopener noreferrer"><i class="fs24 within-circle rango-pintrest" title="Pinterest"></i> </a> <a href="https://webkul.com" target="_blank" class="unset" rel="noopener noreferrer"><i class="fs24 within-circle rango-youtube" title="Youtube"></i> </a> <a href="https://webkul.com" target="_blank" class="unset" rel="noopener noreferrer"><i class="fs24 within-circle rango-instagram" title="instagram"></i></a></div>',
-
             'product_policy'           => '<div class="row col-12 remove-padding-margin"><div class="col-lg-4 col-sm-12 product-policy-wrapper"><div class="card"><div class="policy"><div class="left"><i class="rango-van-ship fs40"></i></div> <div class="right"><span class="font-setting fs20">Free Shipping on Order $20 or More</span></div></div></div></div> <div class="col-lg-4 col-sm-12 product-policy-wrapper"><div class="card"><div class="policy"><div class="left"><i class="rango-exchnage fs40"></i></div> <div class="right"><span class="font-setting fs20">Product Replace &amp; Return Available </span></div></div></div></div> <div class="col-lg-4 col-sm-12 product-policy-wrapper"><div class="card"><div class="policy"><div class="left"><i class="rango-exchnage fs40"></i></div> <div class="right"><span class="font-setting fs20">Product Exchange and EMI Available </span></div></div></div></div></div>',
         ]);
     }
+
+    /**
+     * Sanitize SVG file.
+     *
+     * @param  string  $path
+     * @return void
+     */
+    private function sanitizeSVG($path)
+    {
+        /* sanitizer instance */
+        $sanitizer = new Sanitizer();
+
+        /* grab svg file */
+        $dirtySVG = Storage::get($path);
+
+        /* save sanitized svg */
+        Storage::put($path, $sanitizer->sanitize($dirtySVG));
+    }
 }