james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/shish/shimmie2

Browse Source
This commit is contained in:
Shish 2018-02-20 22:23:58 +00:00
commit a6d84ad1d8
6 changed files with 141 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@ -29,6 +29,7 @@
"ifixit/php-akismet" : "1.*", "ifixit/php-akismet" : "1.*",
"google/recaptcha" : "~1.1", "google/recaptcha" : "~1.1",
"dapphp/securimage" : "3.6.*", "dapphp/securimage" : "3.6.*",
"enshrined/svg-sanitize" : "0.8.2",
"bower-asset/jquery" : "1.12.3", "bower-asset/jquery" : "1.12.3",
"bower-asset/jquery-timeago" : "1.5.2", "bower-asset/jquery-timeago" : "1.5.2",

176
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "040335a85a560b3bdd3dcf55490c98a1", "content-hash": "7f6f5b16df991e848ec468b49c856dea",
"packages": [ "packages": [
{ {
"name": "bower-asset/jquery", "name": "bower-asset/jquery",
@ -91,32 +91,32 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/christianbach/tablesorter.git", "url": "https://github.com/christianbach/tablesorter.git",
"reference": "774576308e8a25aa9d68b7fe3069b79543992d7a" "reference": "07e0918254df3c2057d6d8e4653a0769f1881412"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/christianbach/tablesorter/zipball/774576308e8a25aa9d68b7fe3069b79543992d7a", "url": "https://api.github.com/repos/christianbach/tablesorter/zipball/07e0918254df3c2057d6d8e4653a0769f1881412",
"reference": "774576308e8a25aa9d68b7fe3069b79543992d7a", "reference": "07e0918254df3c2057d6d8e4653a0769f1881412",
"shasum": null "shasum": null
}, },
"type": "bower-asset", "type": "bower-asset",
"license": [ "license": [
"MIT,GPL" "MIT,GPL"
], ],
"time": "2015-12-03T01:22:52+00:00" "time": "2017-12-20T18:16:21+00:00"
}, },
{ {
"name": "dapphp/securimage", "name": "dapphp/securimage",
"version": "3.6.5", "version": "3.6.6",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/dapphp/securimage.git", "url": "https://github.com/dapphp/securimage.git",
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802" "reference": "6eea2798f56540fa88356c98f282d6391a72be15"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/3f5a84fd80b1a35d58332896c944142713a7e802", "url": "https://api.github.com/repos/dapphp/securimage/zipball/6eea2798f56540fa88356c98f282d6391a72be15",
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802", "reference": "6eea2798f56540fa88356c98f282d6391a72be15",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -150,7 +150,44 @@
"captcha", "captcha",
"security" "security"
], ],
"time": "2016-12-04T17:45:57+00:00" "time": "2017-11-21T02:29:19+00:00"
},
{
"name": "enshrined/svg-sanitize",
"version": "0.8.2",
"source": {
"type": "git",
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
"reference": "432fc4fc7e95b8a866790ba27e35076b9dd96ebe"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/432fc4fc7e95b8a866790ba27e35076b9dd96ebe",
"reference": "432fc4fc7e95b8a866790ba27e35076b9dd96ebe",
"shasum": ""
},
"require-dev": {
"codeclimate/php-test-reporter": "^0.1.2",
"phpunit/phpunit": "^4.7"
},
"type": "library",
"autoload": {
"psr-4": {
"enshrined\\svgSanitize\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"GPL-2.0+"
],
"authors": [
{
"name": "Daryll Doyle",
"email": "daryll@enshrined.co.uk"
}
],
"description": "An SVG sanitizer for PHP",
"time": "2017-12-06T15:31:26+00:00"
}, },
{ {
"name": "flexihash/flexihash", "name": "flexihash/flexihash",
@ -318,37 +355,40 @@
}, },
{ {
"name": "myclabs/deep-copy", "name": "myclabs/deep-copy",
"version": "1.x-dev", "version": "1.7.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/myclabs/DeepCopy.git", "url": "https://github.com/myclabs/DeepCopy.git",
"reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102" "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/8e6e04167378abf1ddb4d3522d8755c5fd90d102", "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
"reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102", "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": ">=5.4.0" "php": "^5.6 || ^7.0"
}, },
"require-dev": { "require-dev": {
"doctrine/collections": "1.*", "doctrine/collections": "^1.0",
"phpunit/phpunit": "~4.1" "doctrine/common": "^2.6",
"phpunit/phpunit": "^4.1"
}, },
"type": "library", "type": "library",
"autoload": { "autoload": {
"psr-4": { "psr-4": {
"DeepCopy\\": "src/DeepCopy/" "DeepCopy\\": "src/DeepCopy/"
} },
"files": [
"src/DeepCopy/deep_copy.php"
]
}, },
"notification-url": "https://packagist.org/downloads/", "notification-url": "https://packagist.org/downloads/",
"license": [ "license": [
"MIT" "MIT"
], ],
"description": "Create deep copies (clones) of your objects", "description": "Create deep copies (clones) of your objects",
"homepage": "https://github.com/myclabs/DeepCopy",
"keywords": [ "keywords": [
"clone", "clone",
"copy", "copy",
@ -356,11 +396,11 @@
"object", "object",
"object graph" "object graph"
], ],
"time": "2017-04-12T18:52:22+00:00" "time": "2017-10-19T19:58:43+00:00"
}, },
{ {
"name": "phpdocumentor/reflection-common", "name": "phpdocumentor/reflection-common",
"version": "dev-master", "version": "1.0.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpDocumentor/ReflectionCommon.git", "url": "https://github.com/phpDocumentor/ReflectionCommon.git",
@ -414,22 +454,22 @@
}, },
{ {
"name": "phpdocumentor/reflection-docblock", "name": "phpdocumentor/reflection-docblock",
"version": "3.2.2", "version": "3.3.2",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
"reference": "4aada1f93c72c35e22fb1383b47fee43b8f1d157" "reference": "bf329f6c1aadea3299f08ee804682b7c45b326a2"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/4aada1f93c72c35e22fb1383b47fee43b8f1d157", "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/bf329f6c1aadea3299f08ee804682b7c45b326a2",
"reference": "4aada1f93c72c35e22fb1383b47fee43b8f1d157", "reference": "bf329f6c1aadea3299f08ee804682b7c45b326a2",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": ">=5.5", "php": "^5.6 || ^7.0",
"phpdocumentor/reflection-common": "^1.0@dev", "phpdocumentor/reflection-common": "^1.0.0",
"phpdocumentor/type-resolver": "^0.3.0", "phpdocumentor/type-resolver": "^0.4.0",
"webmozart/assert": "^1.0" "webmozart/assert": "^1.0"
}, },
"require-dev": { "require-dev": {
@ -455,20 +495,20 @@
} }
], ],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
"time": "2017-08-08T06:39:58+00:00" "time": "2017-11-10T14:09:06+00:00"
}, },
{ {
"name": "phpdocumentor/type-resolver", "name": "phpdocumentor/type-resolver",
"version": "0.3.0", "version": "0.4.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpDocumentor/TypeResolver.git", "url": "https://github.com/phpDocumentor/TypeResolver.git",
"reference": "fb3933512008d8162b3cdf9e18dba9309b7c3773" "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/fb3933512008d8162b3cdf9e18dba9309b7c3773", "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/9c977708995954784726e25d0cd1dddf4e65b0f7",
"reference": "fb3933512008d8162b3cdf9e18dba9309b7c3773", "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -502,7 +542,7 @@
"email": "me@mikevanriel.com" "email": "me@mikevanriel.com"
} }
], ],
"time": "2017-06-03T08:32:36+00:00" "time": "2017-07-14T14:27:02+00:00"
}, },
{ {
"name": "phpspec/prophecy", "name": "phpspec/prophecy",
@ -510,12 +550,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpspec/prophecy.git", "url": "https://github.com/phpspec/prophecy.git",
"reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6" "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpspec/prophecy/zipball/c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6", "url": "https://api.github.com/repos/phpspec/prophecy/zipball/dfd6be44111a7c41c2e884a336cc4f461b3b2401",
"reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6", "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -527,7 +567,7 @@
}, },
"require-dev": { "require-dev": {
"phpspec/phpspec": "^2.5|^3.2", "phpspec/phpspec": "^2.5|^3.2",
"phpunit/phpunit": "^4.8 || ^5.6.5" "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5"
}, },
"type": "library", "type": "library",
"extra": { "extra": {
@ -565,7 +605,7 @@
"spy", "spy",
"stub" "stub"
], ],
"time": "2017-09-04T11:05:03+00:00" "time": "2018-02-19T10:16:54+00:00"
}, },
{ {
"name": "phpunit/php-code-coverage", "name": "phpunit/php-code-coverage",
@ -632,16 +672,16 @@
}, },
{ {
"name": "phpunit/php-file-iterator", "name": "phpunit/php-file-iterator",
"version": "dev-master", "version": "1.4.x-dev",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-file-iterator.git", "url": "https://github.com/sebastianbergmann/php-file-iterator.git",
"reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5" "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/3cc8f69b3028d0f96a9078e6295d86e9bf019be5", "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4",
"reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5", "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -675,7 +715,7 @@
"filesystem", "filesystem",
"iterator" "iterator"
], ],
"time": "2016-10-03T07:40:28+00:00" "time": "2017-11-27T13:52:08+00:00"
}, },
{ {
"name": "phpunit/php-text-template", "name": "phpunit/php-text-template",
@ -720,16 +760,16 @@
}, },
{ {
"name": "phpunit/php-timer", "name": "phpunit/php-timer",
"version": "dev-master", "version": "1.0.x-dev",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-timer.git", "url": "https://github.com/sebastianbergmann/php-timer.git",
"reference": "d107f347d368dd8a384601398280c7c608390ab7" "reference": "9513098641797ce5f459dbc1de5a54c29b0ec1fb"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/d107f347d368dd8a384601398280c7c608390ab7", "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/9513098641797ce5f459dbc1de5a54c29b0ec1fb",
"reference": "d107f347d368dd8a384601398280c7c608390ab7", "reference": "9513098641797ce5f459dbc1de5a54c29b0ec1fb",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -765,7 +805,7 @@
"keywords": [ "keywords": [
"timer" "timer"
], ],
"time": "2017-03-07T15:42:04+00:00" "time": "2018-01-06T05:27:16+00:00"
}, },
{ {
"name": "phpunit/php-token-stream", "name": "phpunit/php-token-stream",
@ -773,12 +813,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-token-stream.git", "url": "https://github.com/sebastianbergmann/php-token-stream.git",
"reference": "958103f327daef5dd0bb328dec53e0a9e43cfaf7" "reference": "58bd196ce8bc49389307b3787934a5117db80fea"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/958103f327daef5dd0bb328dec53e0a9e43cfaf7", "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/58bd196ce8bc49389307b3787934a5117db80fea",
"reference": "958103f327daef5dd0bb328dec53e0a9e43cfaf7", "reference": "58bd196ce8bc49389307b3787934a5117db80fea",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -814,7 +854,7 @@
"keywords": [ "keywords": [
"tokenizer" "tokenizer"
], ],
"time": "2017-03-07T08:21:50+00:00" "time": "2017-12-04T15:11:28+00:00"
}, },
{ {
"name": "phpunit/phpunit", "name": "phpunit/phpunit",
@ -822,12 +862,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git", "url": "https://github.com/sebastianbergmann/phpunit.git",
"reference": "4eba3374803c6c0903145e8940844e6f1d665c07" "reference": "b7803aeca3ccb99ad0a506fa80b64cd6a56bbc0c"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/4eba3374803c6c0903145e8940844e6f1d665c07", "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/b7803aeca3ccb99ad0a506fa80b64cd6a56bbc0c",
"reference": "4eba3374803c6c0903145e8940844e6f1d665c07", "reference": "b7803aeca3ccb99ad0a506fa80b64cd6a56bbc0c",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -851,8 +891,8 @@
"sebastian/global-state": "^1.1", "sebastian/global-state": "^1.1",
"sebastian/object-enumerator": "~2.0", "sebastian/object-enumerator": "~2.0",
"sebastian/resource-operations": "~1.0", "sebastian/resource-operations": "~1.0",
"sebastian/version": "~1.0.3|~2.0", "sebastian/version": "^1.0.6|^2.0.1",
"symfony/yaml": "~2.1|~3.0" "symfony/yaml": "~2.1|~3.0|~4.0"
}, },
"conflict": { "conflict": {
"phpdocumentor/reflection-docblock": "3.0.2" "phpdocumentor/reflection-docblock": "3.0.2"
@ -896,7 +936,7 @@
"testing", "testing",
"xunit" "xunit"
], ],
"time": "2017-09-01T08:38:37+00:00" "time": "2018-02-01T05:50:59+00:00"
}, },
{ {
"name": "phpunit/phpunit-mock-objects", "name": "phpunit/phpunit-mock-objects",
@ -1429,7 +1469,7 @@
}, },
{ {
"name": "sebastian/version", "name": "sebastian/version",
"version": "dev-master", "version": "2.0.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/version.git", "url": "https://github.com/sebastianbergmann/version.git",
@ -1476,12 +1516,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/yaml.git", "url": "https://github.com/symfony/yaml.git",
"reference": "a0e15688972f012156cf1ffa076fe1203bce6bc9" "reference": "6af42631dcf89e9c616242c900d6c52bd53bd1bb"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/a0e15688972f012156cf1ffa076fe1203bce6bc9", "url": "https://api.github.com/repos/symfony/yaml/zipball/6af42631dcf89e9c616242c900d6c52bd53bd1bb",
"reference": "a0e15688972f012156cf1ffa076fe1203bce6bc9", "reference": "6af42631dcf89e9c616242c900d6c52bd53bd1bb",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -1526,7 +1566,7 @@
], ],
"description": "Symfony Yaml Component", "description": "Symfony Yaml Component",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"time": "2017-09-17T10:10:45+00:00" "time": "2018-02-16T09:50:28+00:00"
}, },
{ {
"name": "webmozart/assert", "name": "webmozart/assert",
@ -1534,12 +1574,12 @@
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/webmozart/assert.git", "url": "https://github.com/webmozart/assert.git",
"reference": "4a8bf11547e139e77b651365113fc12850c43d9a" "reference": "0df1908962e7a3071564e857d86874dad1ef204a"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/webmozart/assert/zipball/4a8bf11547e139e77b651365113fc12850c43d9a", "url": "https://api.github.com/repos/webmozart/assert/zipball/0df1908962e7a3071564e857d86874dad1ef204a",
"reference": "4a8bf11547e139e77b651365113fc12850c43d9a", "reference": "0df1908962e7a3071564e857d86874dad1ef204a",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -1576,7 +1616,7 @@
"check", "check",
"validate" "validate"
], ],
"time": "2016-11-23T20:04:41+00:00" "time": "2018-01-29T19:49:41+00:00"
} }
], ],
"aliases": [], "aliases": [],

2
core/sys_config.inc.php
View File

@ -36,7 +36,7 @@ _d("COMPILE_ELS", false); // boolean pre-build the list of event listeners
_d("NICE_URLS", false); // boolean force niceurl mode _d("NICE_URLS", false); // boolean force niceurl mode
_d("SEARCH_ACCEL", false); // boolean use search accelerator _d("SEARCH_ACCEL", false); // boolean use search accelerator
_d("WH_SPLITS", 1); // int how many levels of subfolders to put in the warehouse _d("WH_SPLITS", 1); // int how many levels of subfolders to put in the warehouse
_d("VERSION", '2.6.1'); // string shimmie version _d("VERSION", '2.6.2'); // string shimmie version
_d("TIMEZONE", null); // string timezone _d("TIMEZONE", null); // string timezone
_d("CORE_EXTS", "bbcode,user,mail,upload,image,view,handle_pixel,ext_manager,setup,upgrade,handle_404,comment,tag_list,index,tag_edit,alias_editor"); // extensions to always enable _d("CORE_EXTS", "bbcode,user,mail,upload,image,view,handle_pixel,ext_manager,setup,upgrade,handle_404,comment,tag_list,index,tag_edit,alias_editor"); // extensions to always enable
_d("EXTRA_EXTS", ""); // string optional extra extensions _d("EXTRA_EXTS", ""); // string optional extra extensions

17
ext/handle_svg/main.php
View File

@ -6,11 +6,19 @@
* Description: Handle static SVG files. (No thumbnail is generated for SVG files) * Description: Handle static SVG files. (No thumbnail is generated for SVG files)
*/ */
use enshrined\svgSanitize\Sanitizer;
class SVGFileHandler extends Extension { class SVGFileHandler extends Extension {
public function onDataUpload(DataUploadEvent $event) { public function onDataUpload(DataUploadEvent $event) {
if($this->supported_ext($event->type) && $this->check_contents($event->tmpname)) { if($this->supported_ext($event->type) && $this->check_contents($event->tmpname)) {
$hash = $event->hash; $hash = $event->hash;
move_upload_to_archive($event);
$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$dirtySVG = file_get_contents($event->tmpname);
$cleanSVG = $sanitizer->sanitize($dirtySVG);
file_put_contents(warehouse_path("images", $hash), $cleanSVG);
send_event(new ThumbnailGenerationEvent($event->hash, $event->type)); send_event(new ThumbnailGenerationEvent($event->hash, $event->type));
$image = $this->create_image_from_data(warehouse_path("images", $hash), $event->metadata); $image = $this->create_image_from_data(warehouse_path("images", $hash), $event->metadata);
if(is_null($image)) { if(is_null($image)) {
@ -46,7 +54,12 @@ class SVGFileHandler extends Extension {
$page->set_type("image/svg+xml"); $page->set_type("image/svg+xml");
$page->set_mode("data"); $page->set_mode("data");
$page->set_data(file_get_contents(warehouse_path("images", $hash)));
$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$dirtySVG = file_get_contents(warehouse_path("images", $hash));
$cleanSVG = $sanitizer->sanitize($dirtySVG);
$page->set_data($cleanSVG);
} }
} }

8
ext/handle_svg/test.php
View File

@ -10,5 +10,13 @@ class SVGHandlerTest extends ShimmiePHPUnitTestCase {
# FIXME: test that the thumb works # FIXME: test that the thumb works
# FIXME: test that it gets displayed properly # FIXME: test that it gets displayed properly
} }
public function testAbuiveSVG() {
$this->log_in_as_user();
$image_id = $this->post_image("tests/alert.svg", "something");
$this->get_page("post/view/$image_id");
$this->get_page("get_svg/$image_id");
$this->assert_no_content("script");
}
} }

8
tests/alert.svg Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" width="100" height="100">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 411 B