From 6d6c111b80ad13201b7acd7c2f5b8fd6d160e11b Mon Sep 17 00:00:00 2001
From: MrWouterNL
Date: Mon, 21 Mar 2022 20:46:14 +0100
Subject: [PATCH 1/1] [BUGFIX] Disallow file preview for image/svg+xml files
---
 lib/functions.js.php | 15 ++++++++-------
 lib/functions.php | 2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/lib/functions.js.php b/lib/functions.js.php
index 7cf1da8..14fad1d 100644
--- a/lib/functions.js.php
+++ b/lib/functions.js.php
@@ -182,16 +182,17 @@ function show_link (reference, delete_code, crypt_key, date)
 }
 // Test if content can be previewed
- type = document.getElementById('file_select').files[0].type;
- if (type.startsWith('image/') ||
- type.startsWith('audio') ||
- type.startsWith('text/plain') ||
- type.startsWith('video/'))
- {
+ type = document.getElementById('file_select').files[0].type;
+ if ((type.startsWith('image/')
+ || type.startsWith('audio')
+ || type.startsWith('text/plain')
+ || type.startsWith('video/'))
+ && !type.includes('image/svg+xml'))
+ {
 document.getElementById('preview_link').href = preview_link_href;
 document.getElementById('preview_link_text').innerHTML = web_root + preview_link_href;
 document.getElementById('upload_finished_preview').style.display = '';
- }
+ }
 }
 // Direct download link
diff --git a/lib/functions.php b/lib/functions.php
index c831b73..6e5c886 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -511,7 +511,7 @@ function jirafeau_is_viewable($mime)
 if (!empty($mime)) {
 $viewable = array('image', 'video', 'audio');
 $decomposed = explode('/', $mime);
- if (in_array($decomposed[0], $viewable)) {
+ if (in_array($decomposed[0], $viewable) && strpos($mime, 'image/svg+xml') === false) {
 return true;
 }
 $viewable = array('text/plain');
--
2.34.1
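Review bot: The added `!type.includes('image/svg+xml')` condition reads `File.type`, a value the browser fills in on the client and which may be empty, so it only decides whether the preview link is displayed and cannot be relied on to keep SVG content from being previewed. The enforcing check has to remain the server-side `jirafeau_is_viewable` change in the second hunk. A comment above the condition would make that explicit, e.g. `// UI hint only: the server decides which MIME types may be previewed inline`. The re-added `type.startsWith('audio')` still lacks the trailing slash the other prefixes carry; `type.startsWith('audio/')` would be consistent. show_link's body begins and ends outside the hunk.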
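Review bot: The new `strpos($mime, 'image/svg+xml') === false` test is case-sensitive, while MIME type names are case-insensitive. Where `$mime` comes from is not visible in this hunk, but if its case is not normalized earlier, a differently-cased SVG type would still be reported as viewable. Using `stripos($mime, 'image/svg+xml') === false` closes that gap without changing anything else. Because this is an exclusion layered on the broad `image` prefix, an allowlist of the specific raster types meant for inline preview would be the more robust form. It would also help to document above the condition why SVG is excluded, since it can carry script. jirafeau_is_viewable's body continues past the hunk.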