From: MrWouterNL Date: Mon, 21 Mar 2022 19:46:14 +0000 (+0100) Subject: [BUGFIX] Disallow file preview for image/svg+xml files X-Git-Tag: 4.4.0~4 X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/commitdiff_plain/refs/merge-requests/103/head [BUGFIX] Disallow file preview for image/svg+xml files
---
diff --git a/lib/functions.js.php b/lib/functions.js.php
index 7cf1da8..14fad1d 100644
--- a/lib/functions.js.php
+++ b/lib/functions.js.php
@@ -182,16 +182,17 @@ function show_link (reference, delete_code, crypt_key, date)
 }
 // Test if content can be previewed
- type = document.getElementById('file_select').files[0].type;
- if (type.startsWith('image/') ||
- type.startsWith('audio') ||
- type.startsWith('text/plain') ||
- type.startsWith('video/'))
- {
+ type = document.getElementById('file_select').files[0].type;
+ if ((type.startsWith('image/')
+ || type.startsWith('audio')
+ || type.startsWith('text/plain')
+ || type.startsWith('video/'))
+ && !type.includes('image/svg+xml'))
+ {
 document.getElementById('preview_link').href = preview_link_href;
 document.getElementById('preview_link_text').innerHTML = web_root + preview_link_href;
 document.getElementById('upload_finished_preview').style.display = '';
- }
+ }
 }
 // Direct download link
diff --git a/lib/functions.php b/lib/functions.php
index c831b73..6e5c886 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -511,7 +511,7 @@ function jirafeau_is_viewable($mime)
 if (!empty($mime)) {
 $viewable = array('image', 'video', 'audio');
 $decomposed = explode('/', $mime);
- if (in_array($decomposed[0], $viewable)) {
+ if (in_array($decomposed[0], $viewable) && strpos($mime, 'image/svg+xml') === false) {
 return true;
 }
 $viewable = array('text/plain');
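Review bot: In lib/functions.js.php the added `&& !type.includes('image/svg+xml')` only decides whether the uploader's browser shows the preview link. `files[0].type` is whatever the browser reports for the local file, so this condition is a display hint, and the real gate is the server-side `jirafeau_is_viewable()` changed in the same commit. I would say so above the test, e.g. `// UI hint only: the server (jirafeau_is_viewable) decides whether a file may be rendered inline`. While the condition is being rewritten, `type.startsWith('audio')` could become `type.startsWith('audio/')` to match the other prefixes. show_link() starts and ends outside this hunk.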
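Review bot: The new `strpos($mime, 'image/svg+xml') === false` test in jirafeau_is_viewable() (lib/functions.php) is case-sensitive, while MIME type names are not. If `$mime` can hold a client-supplied value (its origin is not visible in this hunk), a subtype written in different letter case would still pass `in_array($decomposed[0], $viewable)` and be treated as viewable. Comparing case-insensitively closes that gap: `if (in_array($decomposed[0], $viewable) && stripos($mime, 'image/svg+xml') === false) {`. Longer term, an allow-list of image subtypes that cannot carry script would be sturdier than excluding a single type. The function body continues past the end of the hunk.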