Merge remote-tracking branch 'origin/1.10' into 1.10

This commit is contained in:
Matias Griese
2019-09-06 14:28:03 +03:00
5 changed files with 23 additions and 4 deletions


@@ -1,3 +1,10 @@
# v1.10.0-beta.8
## mm/dd/2019
1. [](#new)
* Add ability to Sanitize SVGs on file upload
* Add ability to Sanitize SVGs in Page media
# v1.10.0-beta.7
## 08/30/2019


@@ -1,5 +1,5 @@
name: Admin Panel
version: 1.10.0-beta.7
version: 1.10.0-beta.8-dev
testing: true
description: Adds an advanced administration panel to manage your site
icon: empire
@@ -14,8 +14,8 @@ docs: https://github.com/getgrav/grav-plugin-admin/blob/develop/README.md
license: MIT
dependencies:
- { name: grav, version: '>=1.7.0-beta.7' }
- { name: form, version: '>=3.0.7' }
- { name: grav, version: '>=1.7.0-beta.8' }
- { name: form, version: '>=4.0.0-rc.5' }
- { name: login, version: '>=3.0.3' }
- { name: email, version: '>=3.0.2' }


@@ -10,6 +10,7 @@ use Grav\Common\Grav;
use Grav\Common\Media\Interfaces\MediaInterface;
use Grav\Common\Page\Interfaces\PageInterface;
use Grav\Common\Page\Media;
use Grav\Common\Security;
use Grav\Common\Uri;
use Grav\Common\User\Interfaces\UserInterface;
use Grav\Common\Utils;
@@ -388,6 +389,11 @@ class AdminBaseController
return false;
}
// Special Sanitization for SVG
if (Utils::contains($mime, 'svg', false)) {
Security::sanitizeSVG($tmp);
}
$upload->file->tmp_name = $tmp;
// Retrieve the current session of the uploaded files for the field
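Review bot: The return value of `Security::sanitizeSVG($tmp)` inside the new `if` is discarded, so if the sanitizer reports that it could not parse or rewrite the file (its contract lives in Grav\Common\Security, outside this diff), the original content still flows into `$upload->file->tmp_name` and is stored unchanged. If the method signals failure by return value, guard it in line with the `return false;` exits this method already uses, e.g. `if (!Security::sanitizeSVG($tmp)) { return false; }`; if it throws instead, confirm the caller's existing error handling covers that path. The same unchecked call appears in the AdminController hunk at `Security::sanitizeSVG($_FILES['file']['tmp_name'])`. The guard also keys on `$mime`, which is computed before this hunk; if that value comes from the client-declared upload type rather than from the file's bytes, a file declared with a different type skips the sanitizer, so how `$mime` is derived is worth confirming. The enclosing method starts and ends outside the hunk.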


@@ -2087,7 +2087,6 @@ class AdminController extends AdminBaseController
return false;
}
$media = $this->getMedia();
if (!$media) {
$this->admin->json_response = [
@@ -2105,6 +2104,11 @@ class AdminController extends AdminBaseController
$path = $locator->findResource($path, true, true);
}
// Special Sanitization for SVG
if (Utils::contains($extension, 'svg', false)) {
Security::sanitizeSVG($_FILES['file']['tmp_name']);
}
// Upload it
if (!move_uploaded_file($_FILES['file']['tmp_name'], sprintf('%s/%s', $path, $filename))) {
$this->admin->json_response = [
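Review bot: `Utils::contains($extension, 'svg', false)` appears to be a case-insensitive substring test, so it also matches extensions such as `svgz` (or anything else containing "svg") that the upload whitelist may permit, handing the sanitizer a file whose bytes may not be plain XML. An exact comparison such as `if (strcasecmp($extension, 'svg') === 0) {` states the intent more precisely, assuming `$extension` holds the bare extension as the surrounding code uses it. The sibling check added in AdminBaseController keys on the MIME type rather than the extension, so the two upload paths may sanitize different sets of files; aligning both on one criterion would avoid that divergence. Whether `svgz` is an allowed extension is decided outside this hunk, and the enclosing method starts and ends outside it.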


@@ -845,3 +845,5 @@ PLUGIN_ADMIN:
FLEX: "Flex Object (EXPERIMENTAL)"
REGULAR: "Regular"
FILE: "File"
SANITIZE_SVG: "Sanitize SVG"
SANITIZE_SVG_HELP: "Removes any XSS code from SVG"