mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-72242 files: Do not force text filtering of SVG files

Browse Source 
It was a mistake to force filtering of SVG files in MDL-55243. It can
easily lead to corrupted SVG files.

The patch removes that forced filtering and clarifies the inline comment
of what and why we need to do.
This commit is contained in:
David Mudrák 2021-08-02 14:43:21 +02:00
parent dc437b5171
commit 079c0b75ee
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/filelib.php
View File

@ -2529,10 +2529,9 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring
$filename = rawurlencode($filename); $filename = rawurlencode($filename);
} }
// We need to force download and force filter the file content for the SVG file. // Make sure we force download of SVG files for security reasons (https://digi.ninja/blog/svg_xss.php).
if (file_is_svg_image_from_mimetype($mimetype)) { if (file_is_svg_image_from_mimetype($mimetype)) {
$forcedownload = true; $forcedownload = true;
$filter = 1;
} }
if ($forcedownload) { if ($forcedownload) {