Skip to content

Commit

Permalink
Merge pull request #4893 from dlubitz/task/cleanup-svg-sanitizer
Browse files Browse the repository at this point in the history 
TASK: Cleanup SVG Sanitzer workaround after 0.17.0 release
  • Loading branch information
@crydotsnake
crydotsnake committed Feb 16, 2024
2 parents 70c6929 + 3cab0a2 commit 129d78b
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 5 deletions.
4 changes: 0 additions & 4 deletions Neos.Media.Browser/Classes/Controller/AssetController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1032,15 +1032,11 @@ private function forwardWithConstraints(string $actionName, string $controllerNa
private function checkForMaliciousContent(AssetProxyInterface $assetProxy): bool
{
if ($assetProxy->getMediaType() == 'image/svg+xml') {
// @todo: Simplify again when https://github.com/darylldoyle/svg-sanitizer/pull/90 is merged and released.
$previousXmlErrorHandling = libxml_use_internal_errors(true);
$sanitizer = new Sanitizer();

$resource = stream_get_contents($assetProxy->getImportStream());

$sanitizer->sanitize($resource);
libxml_clear_errors();
libxml_use_internal_errors($previousXmlErrorHandling);
$issues = $sanitizer->getXmlIssues();
if ($issues && count($issues) > 0) {
return true;
Expand Down
2 changes: 1 addition & 1 deletion Neos.Media.Browser/composer.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
"neos/error-messages": "*",
"doctrine/common": "^2.7 || ^3.0",
"doctrine/orm": "^2.6",
"enshrined/svg-sanitize": "^0.16.0"
"enshrined/svg-sanitize": "^0.17.0"
},
"autoload": {
"psr-4": {
Expand Down

0 comments on commit 129d78b

Please sign in to comment.