Fixes #2552 - Implement SVG validation

Use https://github.com/darylldoyle/svg-sanitizer to check for malicious code inside uploaded SVG files, and return HTTP error code 415 when the check is triggered in the API.
RushLana
2026-05-11 15:22:16 +02:00
parent 1b1c89867e
commit 2357a86d51
14 changed files with 2010 additions and 0 deletions
+19
@@ -8,6 +8,7 @@
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/image.class.php');
include_once(PHPWG_ROOT_PATH.'include/svg-sanitizer.php');
// add default event handler for image and thumbnail resize
add_event_handler('upload_image_resize', 'pwg_image_resize');
@@ -253,6 +254,24 @@ SELECT
pwg_check_real_extension($source_filepath, $original_filename, true);
if ('svg' == $original_extension)
{
// Check for malicious code inside the svg
$issues = validate_svg(file_get_contents($source_filepath));
if ($issues != '')
{
$error_msg = 'Invalid SVG "'.htmlspecialchars($original_filename).'" '.$issues;
unlink($source_filepath);
if (defined('IN_WS'))
{
global $service;
$service->sendResponse(new PwgError(415, $error_msg));
exit;
}
die($error_msg);
}
}
$file_extension_replace_by = array(
'jpeg' => 'jpg',
);