[BUGFIX] Disallow file preview for image/svg+xml files
[jirafeau_mojo42.git] / lib / functions.js.php
index 7cf1da8644261a52476a3fcfc880fc33efdac3cb..14fad1da5fa98eadc2473c90cba890ad6161cba3 100644 (file)
@@ -182,16 +182,17 @@ function show_link (reference, delete_code, crypt_key, date)
         }
 
         // Test if content can be previewed
         }
 
         // Test if content can be previewed
-         type = document.getElementById('file_select').files[0].type;
-         if (type.startsWith('image/') ||
-                type.startsWith('audio') ||
-                type.startsWith('text/plain') ||
-                type.startsWith('video/'))
-         {
+        type = document.getElementById('file_select').files[0].type;
+        if ((type.startsWith('image/')
+                || type.startsWith('audio')
+                || type.startsWith('text/plain')
+                || type.startsWith('video/'))
+            && !type.includes('image/svg+xml'))
+        {
             document.getElementById('preview_link').href = preview_link_href;
             document.getElementById('preview_link_text').innerHTML = web_root + preview_link_href;
             document.getElementById('upload_finished_preview').style.display = '';
             document.getElementById('preview_link').href = preview_link_href;
             document.getElementById('preview_link_text').innerHTML = web_root + preview_link_href;
             document.getElementById('upload_finished_preview').style.display = '';
-         }
+        }
     }
 
     // Direct download link
     }
 
     // Direct download link
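Review bot: The new `!type.includes('image/svg+xml')` condition only hides the preview link on the uploader's own page, because `type` is the browser-reported `File.type` of the local file and not a value the server can rely on. SVG is a concern because it can carry script that runs in the site's origin when rendered inline, so the server-side preview handler should itself refuse to serve `image/svg+xml` inline or force a download; whether this commit also changes that handler is not visible in this blobdiff. I would add a comment above the condition such as `// UI hint only: File.type is client-supplied; the preview endpoint must reject image/svg+xml too`. A short allowlist of previewable types would also age better than a one-entry denylist behind `startsWith('image/')`. The body of show_link starts and ends outside the hunk.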
