N°4360 Security hardening

Pierre Goiffon
2021-11-16 09:42:12 +01:00
parent 75450ded1d
commit 8adf743cc7
2 changed files with 15 additions and 1 deletions


@@ -7351,6 +7351,11 @@ class AttributeImage extends AttributeBlob
{
if ($value instanceof ormDocument && !$value->IsEmpty())
{
if ($value->GetMimeType() === 'image/svg+xml') {
// N°4360 SVG can contain JavaScript...
return false;
}
return ($value->GetMainMimeType() == 'image');
}