SVG Sanitizer Enhanced

2021-03-25 14:10:47 +05:30 · 2021-03-25 14:10:47 +05:30 · 7bbf0c4bb5
parent 3141e28b01
commit 7bbf0c4bb5
3 changed files with 30 additions and 13 deletions
--- a/packages/Webkul/Core/src/Traits/Sanitizer.php
+++ b/packages/Webkul/Core/src/Traits/Sanitizer.php
@ -7,21 +7,42 @@ use enshrined\svgSanitize\Sanitizer as MainSanitizer;

 trait Sanitizer
 {
+    /**
+     * List of mime types which needs to check.
+     */
+    public $mimeTypes = [
+        'image/svg',
+        'image/svg+xml'
+    ];
+
    /**
     * Sanitize SVG file.
     *
     * @param  string  $path
     * @return void
     */
-    public function sanitizeSVG($path)
+    public function sanitizeSVG($path, $mimeType)
    {
-        /* sanitizer instance */
-        $sanitizer = new MainSanitizer();
+        if ($this->checkMimeType($mimeType)) {
+            /* sanitizer instance */
+            $sanitizer = new MainSanitizer();

-        /* grab svg file */
-        $dirtySVG = Storage::get($path);
+            /* grab svg file */
+            $dirtySVG = Storage::get($path);

-        /* save sanitized svg */
-        Storage::put($path, $sanitizer->sanitize($dirtySVG));
+            /* save sanitized svg */
+            Storage::put($path, $sanitizer->sanitize($dirtySVG));
+        }
+    }
+
+    /**
+     * Sanitize SVG file.
+     *
+     * @param  string  $path
+     * @return void
+     */
+    public function checkMimeType($mimeType)
+    {
+        return in_array($mimeType, $this->mimeTypes);
    }
 }
--- a/packages/Webkul/Product/src/Repositories/SearchRepository.php
+++ b/packages/Webkul/Product/src/Repositories/SearchRepository.php
@ -54,9 +54,7 @@ class SearchRepository extends Repository
    {
        $path = request()->file('image')->store('product-search');

-        if ($data['image']->getMimeType() === 'image/svg') {
-            $this->sanitizeSVG($path);
-        }
+        $this->sanitizeSVG($path, $data['image']->getMimeType());

        return Storage::url($path);
    }
--- a/packages/Webkul/Velocity/src/Http/Controllers/Admin/ConfigurationController.php
+++ b/packages/Webkul/Velocity/src/Http/Controllers/Admin/ConfigurationController.php
@ -158,9 +158,7 @@ class ConfigurationController extends Controller
                            $saveImage[substr($imageId, 6, 1)] = $path = request()->file($file)->store($dir);
                        }

-                        if ($image->getMimeType() === 'image/svg') {
-                            $this->sanitizeSVG($path);
-                        }
+                        $this->sanitizeSVG($path, $image->getMimeType());
                    }
                } else {
                    if (isset($advertisement[$index][$imageId]) && $advertisement[$index][$imageId] && !request()->hasFile($file)) {