[#13499] - SVG support
- Closed
- 13 Mar 2017
- Medium
- Build: staging
- # 13499
- Diff
- dgt41:+++++++svg
User tests: Successful: Unsuccessful:
Pull Request for Issue # .
Summary of Changes
This PR enables svg uploads and introduces a sanitiser for svg files
Sanitizer source: https://github.com/darylldoyle/svg-sanitizer
It is missing some db needed updates, will do them if it gets approved
- This SHOULD NOT interfere with the work currently done in the new media manager group
- The security strike team needs to approve this! so calling @Kubik-Rubik
Testing Instructions
- Apply patch
- Edit media configuration and replace the contents of
Legal Extensions (File Types)with
bmp,csv,doc,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,swf,txt,xcf,xls,svg,BMP,CSV,DOC,GIF,ICO,JPG,JPEG,ODG,ODP,ODS,ODT,PDF,PNG,PPT,SWF,TXT,XCF,XLS,SVG
Try to upload an svg file
Preview
Documentation Changes Required
NOTES
- This PR was created only as a way for the security strike team to evaluate the usage of the SVG sanitisation
- The SVG support is limiting svgs to certain level, as many features (e.g. scripts) will be removed
- This PR was not meant to override the work done in the new media manager group, it's more like a bridge to the security team for an evaluation of a sanitisation library that could possible be used by the new media group
I hope that this clears up my intentions here (speed up the process by involving more people)
This change is
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration com_media External Library Libraries Repository Unit Tests |
| Labels |
Added:
?
?
|
||
Dimitris is on an older version of composer :) It's regressing the autoload files back from composer 1.3.x to 1.2.x
I sea
| Category | Administration com_media External Library Libraries Repository Unit Tests | ⇒ | External Library Libraries Repository Unit Tests |
Also Joomla is not supporting uploading of webp images...
About webp: https://developers.google.com/speed/webp/
I have tested this item
The SVG uploaded, but I was unable to select it as my intro image or as a normal image, rendering it pointless. I need further instructions to test whether the sanitisation worked.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13499.
I have tested this item
Test OK
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13499.
I have tested this item
@uglyeoin I guess this is not the purpose of this patch. As the title says, it only implements a way to make safe use of svg format.
Check this also : #4674
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13499.
I have tested this item
@uglyeoin I guess this is not the purpose of this patch. As the title says, it only implements a way to make safe use of svg format.
Check this also : #4674
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13499.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-03-13 12:06:43 |
| Closed_By | ⇒ | dgt41 |
What are those changes in the autoloading files? Those look wrong to me.