Added a new sanitize_svg security config option [default: true]

2025-02-20 19:56:53 +01:00 · 2019-09-03 12:07:47 -06:00 · 2019-09-03 12:07:47 -06:00 · ab75201f11
commit ab75201f11
parent 45b1b0a2ef
3 changed files with 19 additions and 4 deletions
--- a/system/blueprints/config/security.yaml
+++ b/system/blueprints/config/security.yaml
@ -105,3 +105,15 @@ form:
            validate:
                type: commalist

+
+        sanitize_svg:
+            type: toggle
+            label: PLUGIN_ADMIN.SANITIZE_SVG
+            help: PLUGIN_ADMIN.SANITIZE_SVG_HELP
+            highlight: 1
+            options:
+                1: PLUGIN_ADMIN.YES
+                0: PLUGIN_ADMIN.NO
+            default: true
+            validate:
+                type: bool
--- a/system/config/security.yaml
+++ b/system/config/security.yaml
@ -36,3 +36,4 @@ uploads_dangerous_extensions:
    - htm
    - js
    - exe
+sanitize_svg: true
--- a/system/src/Grav/Common/Security.php
+++ b/system/src/Grav/Common/Security.php
@ -22,10 +22,12 @@ class Security
     */
    public static function sanitizeSVG($file)
    {
-        $sanitizer = new Sanitizer();
-        $original_svg = file_get_contents($file);
-        $clean_svg = $sanitizer->sanitize($original_svg);
-        file_put_contents($file, $clean_svg);
+        if (Grav::instance()['config']->get('security.sanitize_svg')) {
+            $sanitizer = new Sanitizer();
+            $original_svg = file_get_contents($file);
+            $clean_svg = $sanitizer->sanitize($original_svg);
+            file_put_contents($file, $clean_svg);
+        }
    }

    /**