moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-07 09:56:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'MDL-72242-311-svgforcedfilter' of git://github.com/mudrd8mz/moodle into MOODLE_311_STABLE

Browse source
This commit is contained in:
Eloy Lafuente (stronk7) 2021-08-11 11:40:05 +02:00
commit 9bcac8370b
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/filelib.php
View file

@ -2529,10 +2529,9 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring
$filename = rawurlencode($filename); $filename = rawurlencode($filename);
} }
// We need to force download and force filter the file content for the SVG file. // Make sure we force download of SVG files for security reasons (https://digi.ninja/blog/svg_xss.php).
if (file_is_svg_image_from_mimetype($mimetype)) { if (file_is_svg_image_from_mimetype($mimetype)) {
$forcedownload = true; $forcedownload = true;
$filter = 1;
} }
if ($forcedownload) { if ($forcedownload) {