Browse Source

fix: validate svg file extension in addition to client mime type

pull/4824/head
NGPixel 2 years ago
parent
commit
57b56d3a5b
No known key found for this signature in database GPG Key ID: 8FDA2F1757F60D63
1 changed files with 7 additions and 1 deletions
  1. 8
      server/models/assets.js

8
server/models/assets.js

@ -100,7 +100,13 @@ module.exports = class Asset extends Model {
}
// Sanitize SVG contents
if (WIKI.config.uploads.scanSVG && opts.mimetype === 'image/svg+xml') {
if (
WIKI.config.uploads.scanSVG &&
(
opts.mimetype.toLowerCase().startsWith('image/svg') ||
opts.ext.toLowerCase() === 'svg'
)
) {
const svgSanitizeJob = await WIKI.scheduler.registerJob({
name: 'sanitize-svg',
immediate: true,

Loading…
Cancel
Save