[BUGFIX] Disallow file preview for image/svg+xml files

[jirafeau_project.git] / lib / functions.js.php

diff --git a/lib/functions.js.php b/lib/functions.js.php
index 71ce17ba0dafdc18a92ae8a022d98677f9f7d6f8..14fad1da5fa98eadc2473c90cba890ad6161cba3 100644 (file)
--- a/lib/functions.js.php
+++ b/lib/functions.js.php
@@ -182,16 +182,17 @@ function show_link (reference, delete_code, crypt_key, date)
         }
 
         // Test if content can be previewed
-         type = document.getElementById('file_select').files[0].type;
-         if (type.indexOf("image") > -1 ||
-             type.indexOf("audio") > -1 ||
-             type.indexOf("text") > -1 ||
-             type.indexOf("video") > -1)
-         {
+        type = document.getElementById('file_select').files[0].type;
+        if ((type.startsWith('image/')
+                || type.startsWith('audio')
+                || type.startsWith('text/plain')
+                || type.startsWith('video/'))
+            && !type.includes('image/svg+xml'))
+        {
             document.getElementById('preview_link').href = preview_link_href;
             document.getElementById('preview_link_text').innerHTML = web_root + preview_link_href;
             document.getElementById('upload_finished_preview').style.display = '';
-         }
+        }
     }
 
     // Direct download link