Commit e3e451ed authored by Sergey Shepelevich's avatar Sergey Shepelevich

CMS-11040 [Backport 11.2] Improvement on validation of svg images

(Cherry picked from commit 0de7f2a4)
parent fe29f268
......@@ -205,12 +205,11 @@ public abstract class GalleryUploadPanel extends Panel {
final boolean svgScriptsEnabled = pluginConfig.getAsBoolean(SVG_SCRIPTS_ENABLED, false);
if (!svgScriptsEnabled && Objects.equals(mimetype, SVG_MIME_TYPE)) {
final String svgContent = IOUtils.toString(istream, "UTF-8");
if (svgContent.contains("<script")) {
istream.close();
final String svgContent = new String(upload.getBytes());
if (StringUtils.containsIgnoreCase(svgContent,"<script")) {
IOUtils.closeQuietly(istream);
throw new SvgScriptGalleryException("SVG images with embedded script are not supported.");
}
istream.reset();
}
//Get the selected folder from the folderReference Service
......
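Review bot: `new String(upload.getBytes())` decodes the upload with the JVM's default charset, whereas the line it appears to replace named "UTF-8" explicitly (the page has lost its +/- markers, so which side each line belongs to is inferred). The scanned text can therefore differ between hosts, and in any case from what an XML parser will see, because SVG is XML and its encoding is taken from the BOM or the XML declaration rather than from this decode. At minimum pin the charset, `final String svgContent = new String(upload.getBytes(), StandardCharsets.UTF_8);`, and consider rejecting SVG uploads that declare a non-UTF-8 encoding before the `<script` test runs. The same line appears in the GalleryWorkflowPlugin hunk below. The enclosing method starts and ends outside the hunk.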
......@@ -143,11 +143,10 @@ public class GalleryWorkflowPlugin extends CompatibilityWorkflowPlugin<GalleryWo
final boolean svgScriptsEnabled = GalleryWorkflowPlugin.this.getPluginConfig()
.getAsBoolean(SVG_SCRIPTS_ENABLED, false);
if (!svgScriptsEnabled && Objects.equals(mimeType, SVG_MIME_TYPE)) {
final String svgContent = IOUtils.toString(is, "UTF-8");
final String svgContent = new String(upload.getBytes());
if (StringUtils.containsIgnoreCase(svgContent, "<script")) {
throw new SvgScriptGalleryException("SVG images with embedded script are not supported.");
}
is.reset();
}
WorkflowDescriptorModel workflowDescriptorModel = (WorkflowDescriptorModel) GalleryWorkflowPlugin.this
......
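Review bot: The SVG check is now copied into two classes and still rests on a substring search for `<script`, which does not cover the other ways an SVG can carry active content, such as event-handler attributes or script-bearing links. Moving it into one shared helper that both GalleryUploadPanel and this plugin call would keep the two copies from drifting (the panel closes the stream with `IOUtils.closeQuietly(istream)` before throwing, this copy does not), and would give one place to parse the file with a DTD-disabled XML parser and reject script elements and `on*` attributes by name. Whether `is` is closed by the surrounding code cannot be seen from the hunk, which starts and ends inside the method. Serving stored SVG with a restrictive Content-Security-Policy, or as an attachment, is the usual second layer if a full parse is not wanted here.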