Merge remote-tracking branch 'origin/support/2.7' into develop

# Conflicts: # core/attributedef.class.inc.php # core/config.class.inc.php # core/htmlsanitizer.class.inc.php # sources/Renderer/RenderingOutput.php # test/core/sanitizer/HTMLDOMSanitizerTest.php # test/integration/DictionariesConsistencyTest.php
2026-04-19 16:48:42 +02:00 · 2021-11-24 15:01:38 +01:00
parent 0c7eee7f9c 2d67594ccf
commit ddd6bf22af
14 changed files with 516 additions and 235 deletions
--- a/core/attributedef.class.inc.php
+++ b/core/attributedef.class.inc.php
@@ -8130,6 +8130,25 @@ class AttributeImage extends AttributeBlob
 		return "Image";
 	}

+	/**
+	 * {@inheritDoc}
+	 * @see AttributeBlob::MakeRealValue()
+	 */
+	public function MakeRealValue($proposedValue, $oHostObj)
+	{
+		$oDoc = parent::MakeRealValue($proposedValue, $oHostObj);
+
+		if (($oDoc instanceof ormDocument)
+			&& (false === $oDoc->IsEmpty())
+			&& ($oDoc->GetMimeType() === 'image/svg+xml')) {
+			$sCleanSvg = HTMLSanitizer::Sanitize($oDoc->GetData(), 'svg_sanitizer');
+			$oDoc = new ormDocument($sCleanSvg, $oDoc->GetMimeType(), $oDoc->GetFileName());
+		}
+
+		// The validation of the MIME Type is done by CheckFormat below
+		return $oDoc;
+	}
+
 	/**
 	 * Check that the supplied ormDocument actually contains an image
 	 * {@inheritDoc}