màj
@@ -12,6 +12,7 @@ namespace Grav\Common;
|
||||
use enshrined\svgSanitize\Sanitizer;
|
||||
use Exception;
|
||||
use Grav\Common\Config\Config;
|
||||
use Grav\Common\Filesystem\Folder;
|
||||
use Grav\Common\Page\Pages;
|
||||
use function chr;
|
||||
use function count;
|
||||
@@ -56,9 +57,16 @@ class Security
|
||||
$original_svg = file_get_contents($file);
|
||||
$clean_svg = $sanitizer->sanitize($original_svg);
|
||||
|
||||
// TODO: what to do with bad SVG files which return false?
|
||||
if ($clean_svg !== false && $clean_svg !== $original_svg) {
|
||||
// Quarantine bad SVG files and throw exception
|
||||
if ($clean_svg !== false ) {
|
||||
file_put_contents($file, $clean_svg);
|
||||
} else {
|
||||
$quarantine_file = basename($file);
|
||||
$quarantine_dir = 'log://quarantine';
|
||||
Folder::mkdir($quarantine_dir);
|
||||
file_put_contents("$quarantine_dir/$quarantine_file", $original_svg);
|
||||
unlink($file);
|
||||
throw new Exception('SVG could not be sanitized, it has been moved to the logs/quarantine folder');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
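Review bot: In the `else` branch, `unlink($file)` runs whether or not the preceding `file_put_contents("$quarantine_dir/$quarantine_file", $original_svg)` succeeded, so a failed write silently discards the only copy of the rejected SVG while the exception still reports that it was moved to the quarantine folder. The quarantine name is only `basename($file)`, so two rejected files with the same name from different folders would overwrite each other; a unique prefix such as `$quarantine_file = uniqid('', true) . '-' . basename($file);` would avoid that. I would capture the result, `$stored = file_put_contents("$quarantine_dir/$quarantine_file", $original_svg) !== false;`, keep the `unlink($file)` so the unsanitized file does not stay in place, and only claim the move in the exception message when `$stored` is true. The `+`/`-` markers are missing on this page, so which lines are new is inferred from the hunk header counts, and the enclosing method starts above the hunk.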