fix: validate svg file extension in addition to client mime type

2021-12-24 19:36:30 -05:00
parent e79e591f9e
commit 57b56d3a5b
1 changed files with 7 additions and 1 deletions
--- a/server/models/assets.js
+++ b/server/models/assets.js
@@ -100,7 +100,13 @@ module.exports = class Asset extends Model {
    }

    // Sanitize SVG contents
-    if (WIKI.config.uploads.scanSVG && opts.mimetype === 'image/svg+xml') {
+    if (
+      WIKI.config.uploads.scanSVG &&
+      (
+        opts.mimetype.toLowerCase().startsWith('image/svg') ||
+        opts.ext.toLowerCase() === 'svg'
+      )
+    ) {
      const svgSanitizeJob = await WIKI.scheduler.registerJob({
        name: 'sanitize-svg',
        immediate: true,