From 8445b84c08c16aed818de26ce40e75d4c182fb9e Mon Sep 17 00:00:00 2001
From: Luke Towers
Date: Wed, 29 Nov 2023 14:48:06 -0600
Subject: [PATCH] Run media library files through Svg sanitizer when renaming to SVG extension
---
modules/system/classes/MediaLibrary.php | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/modules/system/classes/MediaLibrary.php b/modules/system/classes/MediaLibrary.php
index 9bf4eaadb5..032ee92e3a 100644
--- a/modules/system/classes/MediaLibrary.php
+++ b/modules/system/classes/MediaLibrary.php
@@ -1,16 +1,18 @@ -getMediaPath($newPath);
+ // If the file extension is changed to SVG, ensure that it has been sanitized
+ $oldExt = pathinfo($oldPath, PATHINFO_EXTENSION);
+ $newExt = pathinfo($newPath, PATHINFO_EXTENSION);
+ if ($oldExt !== $newExt && $newExt === 'svg') {
+ $contents = $this->getStorageDisk()->get($fullOldPath);
+ $contents = Svg::sanitize($contents);
+ $this->getStorageDisk()->put($fullOldPath, $contents);
+ }
+ return $this->getStorageDisk()->move($fullOldPath, $fullNewPath);
 }
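Review bot: The guard `$newExt === 'svg'` compares the extension case-sensitively, so a rename to `.SVG` or `.Svg` never reaches `Svg::sanitize()`; `pathinfo()` returns the extension exactly as the caller supplied it. Lower-casing only the new side keeps the existing "extension changed" test intact: `if ($oldExt !== $newExt && strtolower($newExt) === 'svg') {`. Separately, the sanitized contents are written over `$fullOldPath` before `move()` runs, so a failed move leaves the source file rewritten, and the value returned by `get()` is passed to the sanitizer unchecked; a comment such as `// Sanitize in place first so an unsanitized file never exists under the .svg name` would record why that order is deliberate. The enclosing method starts outside the visible lines and the page has lost the hunk's leading context, so whether the upload path treats the extension case-insensitively cannot be confirmed from here.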