diff --git a/composer.json b/composer.json
index 504262e7..ccb454e3 100644
--- a/composer.json
+++ b/composer.json
@@ -30,6 +30,7 @@
"google/recaptcha" : "~1.1",
"dapphp/securimage" : "3.6.*",
"shish/libcontext-php" : "dev-master",
+ "enshrined/svg-sanitize" : "0.8.2",
"bower-asset/jquery" : "1.12.3",
"bower-asset/jquery-timeago" : "1.5.2",
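Review bot: The new sanitizer is pinned to the exact version `0.8.2`, so `composer update` can never pick up a later 0.8.x release, and for a library whose whole job is blocking hostile SVG, patch releases are often bypass fixes. The lock file already fixes the installed commit, so the manifest can carry a range without losing reproducibility, for example `"enshrined/svg-sanitize" : "^0.8.2",` (which Composer resolves to >=0.8.2 <0.9.0). If the exact pin is deliberate, it would help to say so in the commit message, because composer.json cannot hold a comment.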
diff --git a/composer.lock b/composer.lock
index b2720c6f..2805f8e2 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
- "content-hash": "eb5180245fbf27fb02d9a4018a2ff059",
+ "content-hash": "fd0ccce172ded2999f5ced0884990541",
"packages": [
{
"name": "bower-asset/jquery",
@@ -91,32 +91,32 @@
"source": {
"type": "git",
"url": "https://github.com/christianbach/tablesorter.git",
- "reference": "774576308e8a25aa9d68b7fe3069b79543992d7a"
+ "reference": "07e0918254df3c2057d6d8e4653a0769f1881412"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/christianbach/tablesorter/zipball/774576308e8a25aa9d68b7fe3069b79543992d7a",
- "reference": "774576308e8a25aa9d68b7fe3069b79543992d7a",
+ "url": "https://api.github.com/repos/christianbach/tablesorter/zipball/07e0918254df3c2057d6d8e4653a0769f1881412",
+ "reference": "07e0918254df3c2057d6d8e4653a0769f1881412",
"shasum": null
},
"type": "bower-asset",
"license": [
"MIT,GPL"
],
- "time": "2015-12-03T01:22:52+00:00"
+ "time": "2017-12-20T18:16:21+00:00"
},
{
"name": "dapphp/securimage",
- "version": "3.6.5",
+ "version": "3.6.6",
"source": {
"type": "git",
"url": "https://github.com/dapphp/securimage.git",
- "reference": "3f5a84fd80b1a35d58332896c944142713a7e802"
+ "reference": "6eea2798f56540fa88356c98f282d6391a72be15"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/dapphp/securimage/zipball/3f5a84fd80b1a35d58332896c944142713a7e802",
- "reference": "3f5a84fd80b1a35d58332896c944142713a7e802",
+ "url": "https://api.github.com/repos/dapphp/securimage/zipball/6eea2798f56540fa88356c98f282d6391a72be15",
+ "reference": "6eea2798f56540fa88356c98f282d6391a72be15",
"shasum": ""
},
"require": {
@@ -150,7 +150,44 @@
"captcha",
"security"
],
- "time": "2016-12-04T17:45:57+00:00"
+ "time": "2017-11-21T02:29:19+00:00"
+ },
+ {
+ "name": "enshrined/svg-sanitize",
+ "version": "0.8.2",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/darylldoyle/svg-sanitizer.git",
+ "reference": "432fc4fc7e95b8a866790ba27e35076b9dd96ebe"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/432fc4fc7e95b8a866790ba27e35076b9dd96ebe",
+ "reference": "432fc4fc7e95b8a866790ba27e35076b9dd96ebe",
+ "shasum": ""
+ },
+ "require-dev": {
+ "codeclimate/php-test-reporter": "^0.1.2",
+ "phpunit/phpunit": "^4.7"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-4": {
+ "enshrined\\svgSanitize\\": "src"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "GPL-2.0+"
+ ],
+ "authors": [
+ {
+ "name": "Daryll Doyle",
+ "email": "daryll@enshrined.co.uk"
+ }
+ ],
+ "description": "An SVG sanitizer for PHP",
+ "time": "2017-12-06T15:31:26+00:00"
},
{
"name": "flexihash/flexihash",
@@ -266,12 +303,12 @@
"source": {
"type": "git",
"url": "https://github.com/shish/libcontext-php.git",
- "reference": "7c80a23c56cfb207c02c18292720d3bd5aac474d"
+ "reference": "f57c377e0a5e700fb4d9406e47051a3b7478170e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/shish/libcontext-php/zipball/7c80a23c56cfb207c02c18292720d3bd5aac474d",
- "reference": "7c80a23c56cfb207c02c18292720d3bd5aac474d",
+ "url": "https://api.github.com/repos/shish/libcontext-php/zipball/f57c377e0a5e700fb4d9406e47051a3b7478170e",
+ "reference": "f57c377e0a5e700fb4d9406e47051a3b7478170e",
"shasum": ""
},
"require": {
@@ -299,7 +336,7 @@
"performance",
"profiler"
],
- "time": "2017-09-21T03:48:29+00:00"
+ "time": "2017-09-21T13:25:55+00:00"
}
],
"packages-dev": [
@@ -359,37 +396,40 @@
},
{
"name": "myclabs/deep-copy",
- "version": "1.x-dev",
+ "version": "1.7.0",
"source": {
"type": "git",
"url": "https://github.com/myclabs/DeepCopy.git",
- "reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102"
+ "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/8e6e04167378abf1ddb4d3522d8755c5fd90d102",
- "reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102",
+ "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
+ "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
"shasum": ""
},
"require": {
- "php": ">=5.4.0"
+ "php": "^5.6 || ^7.0"
},
"require-dev": {
- "doctrine/collections": "1.*",
- "phpunit/phpunit": "~4.1"
+ "doctrine/collections": "^1.0",
+ "doctrine/common": "^2.6",
+ "phpunit/phpunit": "^4.1"
},
"type": "library",
"autoload": {
"psr-4": {
"DeepCopy\\": "src/DeepCopy/"
- }
+ },
+ "files": [
+ "src/DeepCopy/deep_copy.php"
+ ]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Create deep copies (clones) of your objects",
- "homepage": "https://github.com/myclabs/DeepCopy",
"keywords": [
"clone",
"copy",
@@ -397,7 +437,7 @@
"object",
"object graph"
],
- "time": "2017-04-12T18:52:22+00:00"
+ "time": "2017-10-19T19:58:43+00:00"
},
{
"name": "phar-io/manifest",
@@ -503,7 +543,7 @@
},
{
"name": "phpdocumentor/reflection-common",
- "version": "dev-master",
+ "version": "1.0.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionCommon.git",
@@ -557,29 +597,35 @@
},
{
"name": "phpdocumentor/reflection-docblock",
- "version": "4.1.1",
+ "version": "4.3.0",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
- "reference": "2d3d238c433cf69caeb4842e97a3223a116f94b2"
+ "reference": "94fd0001232e47129dd3504189fa1c7225010d08"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/2d3d238c433cf69caeb4842e97a3223a116f94b2",
- "reference": "2d3d238c433cf69caeb4842e97a3223a116f94b2",
+ "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94fd0001232e47129dd3504189fa1c7225010d08",
+ "reference": "94fd0001232e47129dd3504189fa1c7225010d08",
"shasum": ""
},
"require": {
"php": "^7.0",
- "phpdocumentor/reflection-common": "^1.0@dev",
+ "phpdocumentor/reflection-common": "^1.0.0",
"phpdocumentor/type-resolver": "^0.4.0",
"webmozart/assert": "^1.0"
},
"require-dev": {
- "mockery/mockery": "^0.9.4",
- "phpunit/phpunit": "^4.4"
+ "doctrine/instantiator": "~1.0.5",
+ "mockery/mockery": "^1.0",
+ "phpunit/phpunit": "^6.4"
},
"type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "4.x-dev"
+ }
+ },
"autoload": {
"psr-4": {
"phpDocumentor\\Reflection\\": [
@@ -598,7 +644,7 @@
}
],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
- "time": "2017-08-30T18:51:59+00:00"
+ "time": "2017-11-30T07:14:17+00:00"
},
{
"name": "phpdocumentor/type-resolver",
@@ -653,12 +699,12 @@
"source": {
"type": "git",
"url": "https://github.com/phpspec/prophecy.git",
- "reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6"
+ "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpspec/prophecy/zipball/c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6",
- "reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6",
+ "url": "https://api.github.com/repos/phpspec/prophecy/zipball/dfd6be44111a7c41c2e884a336cc4f461b3b2401",
+ "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401",
"shasum": ""
},
"require": {
@@ -670,7 +716,7 @@
},
"require-dev": {
"phpspec/phpspec": "^2.5|^3.2",
- "phpunit/phpunit": "^4.8 || ^5.6.5"
+ "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5"
},
"type": "library",
"extra": {
@@ -708,20 +754,20 @@
"spy",
"stub"
],
- "time": "2017-09-04T11:05:03+00:00"
+ "time": "2018-02-19T10:16:54+00:00"
},
{
"name": "phpunit/php-code-coverage",
- "version": "dev-master",
+ "version": "5.3.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git",
- "reference": "77a1ba8076365f943e2a3d75573b6c9822840ac6"
+ "reference": "982ce790a6f31b8f1319a15d86e4614b109af25e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/77a1ba8076365f943e2a3d75573b6c9822840ac6",
- "reference": "77a1ba8076365f943e2a3d75573b6c9822840ac6",
+ "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/982ce790a6f31b8f1319a15d86e4614b109af25e",
+ "reference": "982ce790a6f31b8f1319a15d86e4614b109af25e",
"shasum": ""
},
"require": {
@@ -730,14 +776,13 @@
"php": "^7.0",
"phpunit/php-file-iterator": "^1.4.2",
"phpunit/php-text-template": "^1.2.1",
- "phpunit/php-token-stream": "^2.0",
+ "phpunit/php-token-stream": "^2.0.1",
"sebastian/code-unit-reverse-lookup": "^1.0.1",
"sebastian/environment": "^3.0",
"sebastian/version": "^2.0.1",
"theseer/tokenizer": "^1.1"
},
"require-dev": {
- "ext-xdebug": "^2.5",
"phpunit/phpunit": "^6.0"
},
"suggest": {
@@ -746,7 +791,7 @@
"type": "library",
"extra": {
"branch-alias": {
- "dev-master": "5.2.x-dev"
+ "dev-master": "5.3.x-dev"
}
},
"autoload": {
@@ -761,7 +806,7 @@
"authors": [
{
"name": "Sebastian Bergmann",
- "email": "sb@sebastian-bergmann.de",
+ "email": "sebastian@phpunit.de",
"role": "lead"
}
],
@@ -772,20 +817,20 @@
"testing",
"xunit"
],
- "time": "2017-08-25T06:32:04+00:00"
+ "time": "2017-12-07T10:13:30+00:00"
},
{
"name": "phpunit/php-file-iterator",
- "version": "dev-master",
+ "version": "1.4.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-file-iterator.git",
- "reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5"
+ "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/3cc8f69b3028d0f96a9078e6295d86e9bf019be5",
- "reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5",
+ "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4",
+ "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4",
"shasum": ""
},
"require": {
@@ -819,7 +864,7 @@
"filesystem",
"iterator"
],
- "time": "2016-10-03T07:40:28+00:00"
+ "time": "2017-11-27T13:52:08+00:00"
},
{
"name": "phpunit/php-text-template",
@@ -864,16 +909,16 @@
},
{
"name": "phpunit/php-timer",
- "version": "dev-master",
+ "version": "1.0.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-timer.git",
- "reference": "d107f347d368dd8a384601398280c7c608390ab7"
+ "reference": "9513098641797ce5f459dbc1de5a54c29b0ec1fb"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/d107f347d368dd8a384601398280c7c608390ab7",
- "reference": "d107f347d368dd8a384601398280c7c608390ab7",
+ "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/9513098641797ce5f459dbc1de5a54c29b0ec1fb",
+ "reference": "9513098641797ce5f459dbc1de5a54c29b0ec1fb",
"shasum": ""
},
"require": {
@@ -909,20 +954,20 @@
"keywords": [
"timer"
],
- "time": "2017-03-07T15:42:04+00:00"
+ "time": "2018-01-06T05:27:16+00:00"
},
{
"name": "phpunit/php-token-stream",
- "version": "dev-master",
+ "version": "2.0.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
- "reference": "9a02332089ac48e704c70f6cefed30c224e3c0b0"
+ "reference": "13eb9aba9626b1a3811c6a492acc9669d24bb85a"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/9a02332089ac48e704c70f6cefed30c224e3c0b0",
- "reference": "9a02332089ac48e704c70f6cefed30c224e3c0b0",
+ "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/13eb9aba9626b1a3811c6a492acc9669d24bb85a",
+ "reference": "13eb9aba9626b1a3811c6a492acc9669d24bb85a",
"shasum": ""
},
"require": {
@@ -958,20 +1003,20 @@
"keywords": [
"tokenizer"
],
- "time": "2017-08-20T05:47:52+00:00"
+ "time": "2017-11-27T08:47:38+00:00"
},
{
"name": "phpunit/phpunit",
- "version": "dev-master",
+ "version": "6.5.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git",
- "reference": "e6e7085fbbd2e25f4ca128ac30c1b0d3dd4ef827"
+ "reference": "80798b8043cb3b4e770c21e64d4fbc2efdda7942"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/e6e7085fbbd2e25f4ca128ac30c1b0d3dd4ef827",
- "reference": "e6e7085fbbd2e25f4ca128ac30c1b0d3dd4ef827",
+ "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/80798b8043cb3b4e770c21e64d4fbc2efdda7942",
+ "reference": "80798b8043cb3b4e770c21e64d4fbc2efdda7942",
"shasum": ""
},
"require": {
@@ -985,12 +1030,12 @@
"phar-io/version": "^1.0",
"php": "^7.0",
"phpspec/prophecy": "^1.7",
- "phpunit/php-code-coverage": "^5.2.2",
- "phpunit/php-file-iterator": "^1.4.2",
+ "phpunit/php-code-coverage": "^5.3",
+ "phpunit/php-file-iterator": "^1.4.3",
"phpunit/php-text-template": "^1.2.1",
"phpunit/php-timer": "^1.0.9",
- "phpunit/phpunit-mock-objects": "^4.0.3",
- "sebastian/comparator": "^2.0.2",
+ "phpunit/phpunit-mock-objects": "^5.0.5",
+ "sebastian/comparator": "^2.1",
"sebastian/diff": "^2.0",
"sebastian/environment": "^3.1",
"sebastian/exporter": "^3.1",
@@ -1016,7 +1061,7 @@
"type": "library",
"extra": {
"branch-alias": {
- "dev-master": "6.4.x-dev"
+ "dev-master": "6.5.x-dev"
}
},
"autoload": {
@@ -1042,33 +1087,33 @@
"testing",
"xunit"
],
- "time": "2017-09-01T08:39:38+00:00"
+ "time": "2018-02-16T06:05:42+00:00"
},
{
"name": "phpunit/phpunit-mock-objects",
- "version": "dev-master",
+ "version": "5.0.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git",
- "reference": "2f789b59ab89669015ad984afa350c4ec577ade0"
+ "reference": "e244c19aec6a1f0a2ff9e498b9b4bed22537730a"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/2f789b59ab89669015ad984afa350c4ec577ade0",
- "reference": "2f789b59ab89669015ad984afa350c4ec577ade0",
+ "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/e244c19aec6a1f0a2ff9e498b9b4bed22537730a",
+ "reference": "e244c19aec6a1f0a2ff9e498b9b4bed22537730a",
"shasum": ""
},
"require": {
"doctrine/instantiator": "^1.0.5",
"php": "^7.0",
"phpunit/php-text-template": "^1.2.1",
- "sebastian/exporter": "^3.0"
+ "sebastian/exporter": "^3.1"
},
"conflict": {
"phpunit/phpunit": "<6.0"
},
"require-dev": {
- "phpunit/phpunit": "^6.0"
+ "phpunit/phpunit": "^6.5"
},
"suggest": {
"ext-soap": "*"
@@ -1076,7 +1121,7 @@
"type": "library",
"extra": {
"branch-alias": {
- "dev-master": "4.0.x-dev"
+ "dev-master": "5.0.x-dev"
}
},
"autoload": {
@@ -1091,7 +1136,7 @@
"authors": [
{
"name": "Sebastian Bergmann",
- "email": "sb@sebastian-bergmann.de",
+ "email": "sebastian@phpunit.de",
"role": "lead"
}
],
@@ -1101,7 +1146,7 @@
"mock",
"xunit"
],
- "time": "2017-08-03T14:08:16+00:00"
+ "time": "2018-01-07T17:10:51+00:00"
},
{
"name": "sebastian/code-unit-reverse-lookup",
@@ -1154,21 +1199,21 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/comparator.git",
- "reference": "fb3213355da37bf91569ca7a944af19bc57b80e9"
+ "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/fb3213355da37bf91569ca7a944af19bc57b80e9",
- "reference": "fb3213355da37bf91569ca7a944af19bc57b80e9",
+ "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/34369daee48eafb2651bea869b4b15d75ccc35f9",
+ "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9",
"shasum": ""
},
"require": {
"php": "^7.0",
- "sebastian/diff": "^2.0",
- "sebastian/exporter": "^3.0"
+ "sebastian/diff": "^2.0 || ^3.0",
+ "sebastian/exporter": "^3.1"
},
"require-dev": {
- "phpunit/phpunit": "^6.0"
+ "phpunit/phpunit": "^6.4"
},
"type": "library",
"extra": {
@@ -1210,20 +1255,20 @@
"compare",
"equality"
],
- "time": "2017-08-20T14:03:32+00:00"
+ "time": "2018-02-01T13:46:46+00:00"
},
{
"name": "sebastian/diff",
- "version": "dev-master",
+ "version": "2.0.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/diff.git",
- "reference": "347c1d8b49c5c3ee30c7040ea6fc446790e6bddd"
+ "reference": "abcc70409ddfb310a8cb41ef0c2e857425438cf4"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/347c1d8b49c5c3ee30c7040ea6fc446790e6bddd",
- "reference": "347c1d8b49c5c3ee30c7040ea6fc446790e6bddd",
+ "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/abcc70409ddfb310a8cb41ef0c2e857425438cf4",
+ "reference": "abcc70409ddfb310a8cb41ef0c2e857425438cf4",
"shasum": ""
},
"require": {
@@ -1262,7 +1307,7 @@
"keywords": [
"diff"
],
- "time": "2017-08-03T08:09:46+00:00"
+ "time": "2017-12-14T11:32:19+00:00"
},
{
"name": "sebastian/environment",
@@ -1270,15 +1315,16 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/environment.git",
- "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5"
+ "reference": "eb71ad57e2b937a06c91a60efc647f28187626e9"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/cd0871b3975fb7fc44d11314fd1ee20925fce4f5",
- "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5",
+ "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/eb71ad57e2b937a06c91a60efc647f28187626e9",
+ "reference": "eb71ad57e2b937a06c91a60efc647f28187626e9",
"shasum": ""
},
"require": {
+ "ext-posix": "*",
"php": "^7.0"
},
"require-dev": {
@@ -1312,7 +1358,7 @@
"environment",
"hhvm"
],
- "time": "2017-07-01T08:51:00+00:00"
+ "time": "2018-02-09T07:31:46+00:00"
},
{
"name": "sebastian/exporter",
@@ -1320,12 +1366,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/exporter.git",
- "reference": "234199f4528de6d12aaa58b612e98f7d36adb937"
+ "reference": "573f8b71a29cc8afa5f8285d1aee4b4d52717637"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/234199f4528de6d12aaa58b612e98f7d36adb937",
- "reference": "234199f4528de6d12aaa58b612e98f7d36adb937",
+ "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/573f8b71a29cc8afa5f8285d1aee4b4d52717637",
+ "reference": "573f8b71a29cc8afa5f8285d1aee4b4d52717637",
"shasum": ""
},
"require": {
@@ -1379,7 +1425,7 @@
"export",
"exporter"
],
- "time": "2017-04-03T13:19:02+00:00"
+ "time": "2017-11-16T09:48:09+00:00"
},
{
"name": "sebastian/global-state",
@@ -1387,12 +1433,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/global-state.git",
- "reference": "e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4"
+ "reference": "a27e666314b2df0ab686c2abdee43ffbda48ac10"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4",
- "reference": "e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4",
+ "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/a27e666314b2df0ab686c2abdee43ffbda48ac10",
+ "reference": "a27e666314b2df0ab686c2abdee43ffbda48ac10",
"shasum": ""
},
"require": {
@@ -1430,7 +1476,7 @@
"keywords": [
"global state"
],
- "time": "2017-04-27T15:39:26+00:00"
+ "time": "2017-11-16T09:49:42+00:00"
},
{
"name": "sebastian/object-enumerator",
@@ -1438,12 +1484,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/object-enumerator.git",
- "reference": "7cfd9e65d11ffb5af41198476395774d4c8a84c5"
+ "reference": "a496797f3bd6821bfe2acb594e0901dfb00572dd"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/7cfd9e65d11ffb5af41198476395774d4c8a84c5",
- "reference": "7cfd9e65d11ffb5af41198476395774d4c8a84c5",
+ "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/a496797f3bd6821bfe2acb594e0901dfb00572dd",
+ "reference": "a496797f3bd6821bfe2acb594e0901dfb00572dd",
"shasum": ""
},
"require": {
@@ -1477,7 +1523,7 @@
],
"description": "Traverses array structures and object graphs to enumerate all referenced objects",
"homepage": "https://github.com/sebastianbergmann/object-enumerator/",
- "time": "2017-08-03T12:35:26+00:00"
+ "time": "2017-11-16T09:50:04+00:00"
},
{
"name": "sebastian/object-reflector",
@@ -1485,12 +1531,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/object-reflector.git",
- "reference": "773f97c67f28de00d397be301821b06708fca0be"
+ "reference": "ff755086ff55902772e3fae5dd5f29bcbae68285"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/773f97c67f28de00d397be301821b06708fca0be",
- "reference": "773f97c67f28de00d397be301821b06708fca0be",
+ "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/ff755086ff55902772e3fae5dd5f29bcbae68285",
+ "reference": "ff755086ff55902772e3fae5dd5f29bcbae68285",
"shasum": ""
},
"require": {
@@ -1522,7 +1568,7 @@
],
"description": "Allows reflection of object attributes, including inherited and non-public ones",
"homepage": "https://github.com/sebastianbergmann/object-reflector/",
- "time": "2017-03-29T09:07:27+00:00"
+ "time": "2018-01-07T16:00:13+00:00"
},
{
"name": "sebastian/recursion-context",
@@ -1530,12 +1576,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/recursion-context.git",
- "reference": "a0e54bc9bf04e2c5b302236984cebc277631f0f1"
+ "reference": "0f7f5eb7697036c570aff6812a8efe60c417725e"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/a0e54bc9bf04e2c5b302236984cebc277631f0f1",
- "reference": "a0e54bc9bf04e2c5b302236984cebc277631f0f1",
+ "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/0f7f5eb7697036c570aff6812a8efe60c417725e",
+ "reference": "0f7f5eb7697036c570aff6812a8efe60c417725e",
"shasum": ""
},
"require": {
@@ -1575,7 +1621,7 @@
],
"description": "Provides functionality to recursively process PHP variables",
"homepage": "http://www.github.com/sebastianbergmann/recursion-context",
- "time": "2017-03-07T15:09:59+00:00"
+ "time": "2017-11-16T10:04:08+00:00"
},
{
"name": "sebastian/resource-operations",
@@ -1621,7 +1667,7 @@
},
{
"name": "sebastian/version",
- "version": "dev-master",
+ "version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/version.git",
@@ -1708,12 +1754,12 @@
"source": {
"type": "git",
"url": "https://github.com/webmozart/assert.git",
- "reference": "4a8bf11547e139e77b651365113fc12850c43d9a"
+ "reference": "0df1908962e7a3071564e857d86874dad1ef204a"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/webmozart/assert/zipball/4a8bf11547e139e77b651365113fc12850c43d9a",
- "reference": "4a8bf11547e139e77b651365113fc12850c43d9a",
+ "url": "https://api.github.com/repos/webmozart/assert/zipball/0df1908962e7a3071564e857d86874dad1ef204a",
+ "reference": "0df1908962e7a3071564e857d86874dad1ef204a",
"shasum": ""
},
"require": {
@@ -1750,7 +1796,7 @@
"check",
"validate"
],
- "time": "2016-11-23T20:04:41+00:00"
+ "time": "2018-01-29T19:49:41+00:00"
}
],
"aliases": [],
diff --git a/ext/handle_svg/main.php b/ext/handle_svg/main.php
index 2e58dbd3..2847a092 100644
--- a/ext/handle_svg/main.php
+++ b/ext/handle_svg/main.php
@@ -6,11 +6,19 @@
* Description: Handle static SVG files. (No thumbnail is generated for SVG files)
*/
+use enshrined\svgSanitize\Sanitizer;
+
class SVGFileHandler extends Extension {
public function onDataUpload(DataUploadEvent $event) {
if($this->supported_ext($event->type) && $this->check_contents($event->tmpname)) {
$hash = $event->hash;
- move_upload_to_archive($event);
+
+ $sanitizer = new Sanitizer();
+ $sanitizer->removeRemoteReferences(true);
+ $dirtySVG = file_get_contents($event->tmpname);
+ $cleanSVG = $sanitizer->sanitize($dirtySVG);
+ file_put_contents(warehouse_path("images", $hash), $cleanSVG);
+
send_event(new ThumbnailGenerationEvent($event->hash, $event->type));
$image = $this->create_image_from_data(warehouse_path("images", $hash), $event->metadata);
if(is_null($image)) {
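Review bot: Neither `file_get_contents($event->tmpname)` nor `$sanitizer->sanitize($dirtySVG)` is checked before the result goes to `file_put_contents`. `file_get_contents` returns `false` on a read error and, as far as I know, `sanitize()` returns `false` when the input cannot be parsed as XML, so a malformed upload would be stored as an empty file and still go on to image creation. A guard such as `if($dirtySVG === false || $cleanSVG === false)` that rejects the upload before anything is written would close this. The same unchecked value reaches `$page->set_data($cleanSVG)` in the second hunk of this file. The file in the warehouse is also no longer the bytes that `$event->hash` was computed from, which deserves a comment if other code relies on that hash matching the content. `onDataUpload` continues past the end of the hunk.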
@@ -46,7 +54,12 @@ class SVGFileHandler extends Extension {
$page->set_type("image/svg+xml");
$page->set_mode("data");
- $page->set_data(file_get_contents(warehouse_path("images", $hash)));
+
+ $sanitizer = new Sanitizer();
+ $sanitizer->removeRemoteReferences(true);
+ $dirtySVG = file_get_contents(warehouse_path("images", $hash));
+ $cleanSVG = $sanitizer->sanitize($dirtySVG);
+ $page->set_data($cleanSVG);
}
}
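Review bot: This response relies on the sanitizer alone: the document is sent as `image/svg+xml` from the application's own origin, so anything the sanitizer misses would run in the context of the site. Sending a restrictive policy header with this response, for example `Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'`, would stop script from executing even in that case. The `new Sanitizer()` / `removeRemoteReferences(true)` / `sanitize()` sequence is also copied from `onDataUpload`, and moving it into one private helper would keep the upload and serve paths configured identically. The enclosing method starts outside the hunk.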
diff --git a/ext/handle_svg/test.php b/ext/handle_svg/test.php
index aaa2c350..f8aaa96c 100644
--- a/ext/handle_svg/test.php
+++ b/ext/handle_svg/test.php
@@ -10,5 +10,13 @@ class SVGHandlerTest extends ShimmiePHPUnitTestCase {
# FIXME: test that the thumb works
# FIXME: test that it gets displayed properly
}
+
+ public function testAbuiveSVG() {
+ $this->log_in_as_user();
+ $image_id = $this->post_image("tests/alert.svg", "something");
+ $this->get_page("post/view/$image_id");
+ $this->get_page("get_svg/$image_id");
+ $this->assert_no_content("script");
+ }
}
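Review bot: `assert_no_content("script")` only proves that the literal word "script" is absent from the last page fetched, so this test would still pass if the sanitizer let through an event-handler attribute or a remote reference. The contents of `tests/alert.svg` are not visible here, but if the fixture carries such constructs, an extra assertion like `$this->assert_no_content("onload");` would cover them. The first `get_page("post/view/$image_id")` call has no assertion of its own, so it only checks that the view page loads. The method name also has a typo, `testAbuiveSVG` should be `testAbusiveSVG`.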
diff --git a/tests/alert.svg b/tests/alert.svg
new file mode 100644
index 00000000..7729c9cd
--- /dev/null
+++ b/tests/alert.svg
@@ -0,0 +1,8 @@
+
+
+
diff --git a/tests/phpunit.xml b/tests/phpunit.xml
index 1fdaf756..2edbd4df 100644
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -4,4 +4,11 @@
../ext/
+
+
+ core
+ ext
+ themes/default
+
+
diff --git a/tests/router.php b/tests/router.php
index 5ba314d1..a2255eaa 100644
--- a/tests/router.php
+++ b/tests/router.php
@@ -17,7 +17,7 @@ if(preg_match('/\.(?:png|jpg|jpeg|gif|css|js|php)(\?.*)?$/', $_SERVER["REQUEST_U
}
// all other requests (use shimmie routing based on URL)
-$_SERVER["PHP_SELF"] = '/';
+$_SERVER["PHP_SELF"] = '/index.php';
$_GET['q'] = explode("?", $_SERVER["REQUEST_URI"])[0];
error_log($_GET['q']);
require_once "index.php";