Merge remote-tracking branch 'origin/support/2.6' into support/2.7

# Conflicts:
#	core/htmlsanitizer.class.inc.php
This commit is contained in:
Pierre Goiffon
2021-11-23 17:56:26 +01:00
11 changed files with 584 additions and 260 deletions

View File

@@ -7978,6 +7978,13 @@ class AttributeImage extends AttributeBlob
{
$oDoc = parent::MakeRealValue($proposedValue, $oHostObj);
if (($oDoc instanceof ormDocument)
&& (false === $oDoc->IsEmpty())
&& ($oDoc->GetMimeType() === 'image/svg+xml')) {
$sCleanSvg = HTMLSanitizer::Sanitize($oDoc->GetData(), 'svg_sanitizer');
$oDoc = new ormDocument($sCleanSvg, $oDoc->GetMimeType(), $oDoc->GetFileName());
}
// The validation of the MIME Type is done by CheckFormat below
return $oDoc;
}