Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639)

* Added enshrined/svg-sanitize

* Added modular image resizing/SVG cleaning method

(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)

* Use improved handleImages method to upload/resize/clean images

* Removed $old_image

This is handled in the ImageUpload request now
This commit is contained in:
snipe
2019-12-05 22:23:05 -08:00
committed by GitHub
parent 3f5840d390
commit e71e57f16a
14 changed files with 160 additions and 359 deletions
+2 -22
View File
@@ -91,16 +91,7 @@ class ComponentsController extends Controller
$component->user_id = Auth::id();
if ($request->file('image')) {
$image = $request->file('image');
$file_name = str_random(25).".".$image->getClientOriginalExtension();
$path = public_path('uploads/components/'.$file_name);
Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
$constraint->aspectRatio();
$constraint->upsize();
})->save($path);
$component->image = $file_name;
}
$component = $request->handleImages($component,600, public_path().'/uploads/components');
if ($component->save()) {
return redirect()->route('components.index')->with('success', trans('admin/components/message.create.success'));
@@ -164,18 +155,7 @@ class ComponentsController extends Controller
$component->purchase_cost = request('purchase_cost');
$component->qty = Input::get('qty');
if ($request->file('image')) {
$image = $request->file('image');
$file_name = str_random(25).".".$image->getClientOriginalExtension();
$path = public_path('uploads/components/'.$file_name);
Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
$constraint->aspectRatio();
$constraint->upsize();
})->save($path);
$component->image = $file_name;
} elseif ($request->input('image_delete')=='1') {
$component->image = null;
}
$component = $request->handleImages($component,600, public_path().'/uploads/components');
if ($component->save()) {
return redirect()->route('components.index')->with('success', trans('admin/components/message.update.success'));