liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: sanitize SVG uploads

Browse Source
This commit is contained in:
NGPixel
2021-12-17 21:41:23 -05:00
parent 79e153815f
commit 5d3e81496f
6 changed files with 79 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/models/assets.js
View File

@@ -99,6 +99,16 @@ module.exports = class Asset extends Model {
folderId: opts.folderId
}
// Sanitize SVG contents
if (WIKI.config.uploads.scanSVG && opts.mimetype === 'image/svg+xml') {
const svgSanitizeJob = await WIKI.scheduler.registerJob({
name: 'sanitize-svg',
immediate: true,
worker: true
}, opts.path)
await svgSanitizeJob.finished
}
// Save asset data
try {
const fileBuffer = await fs.readFile(opts.path)