fix: validate svg file extension in addition to client mime type

NGPixel 2021-12-24 19:36:30 -05:00
parent e79e591f9e
commit 57b56d3a5b
No known key found for this signature in database
GPG Key ID: 8FDA2F1757F60D63


@ -100,7 +100,13 @@ module.exports = class Asset extends Model {
} }
// Sanitize SVG contents // Sanitize SVG contents
if (WIKI.config.uploads.scanSVG && opts.mimetype === 'image/svg+xml') { if (
WIKI.config.uploads.scanSVG &&
(
opts.mimetype.toLowerCase().startsWith('image/svg') ||
opts.ext.toLowerCase() === 'svg'
)
) {
const svgSanitizeJob = await WIKI.scheduler.registerJob({ const svgSanitizeJob = await WIKI.scheduler.registerJob({
name: 'sanitize-svg', name: 'sanitize-svg',
immediate: true, immediate: true,