Fixed XSS vulnerability in SVG image uploads [ch10476] #7639

Merged 4 commits on Dec 6, 2019

Commits on Dec 6, 2019

  1. Added enshrined/svg-sanitize

    snipe committed Dec 6, 2019
    59738c7
  2. Added modular image resizing/SVG cleaning method

    (This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)
    snipe committed Dec 6, 2019
    e8ef0a4
  3. 9444d93
  4. Removed $old_image

    This is handled in the ImageUpload request now
    snipe committed Dec 6, 2019
    4b99aae