Sergey Shepelevich pushed to branch release/5.0 at cms-community / hippo-cms


Commits:
7d7a4dcf by Sergey Shepelevich at 2018-01-15T11:09:18+01:00
CMS-11039 [Backport 12.0] Improvement on validation of svg images

(cherry picked from commit 72f67873c02debabd56fe1cf53f22c010d1a8fb8)

- - - - -


1 changed file:

- 
gallery/frontend/src/main/java/org/hippoecm/frontend/plugins/gallery/GalleryWorkflowPlugin.java


Changes:

=====================================
gallery/frontend/src/main/java/org/hippoecm/frontend/plugins/gallery/GalleryWorkflowPlugin.java
=====================================
--- 
a/gallery/frontend/src/main/java/org/hippoecm/frontend/plugins/gallery/GalleryWorkflowPlugin.java
+++ 
b/gallery/frontend/src/main/java/org/hippoecm/frontend/plugins/gallery/GalleryWorkflowPlugin.java
@@ -27,6 +27,7 @@ import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.wicket.Component;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
@@ -144,7 +145,7 @@ public class GalleryWorkflowPlugin extends 
CompatibilityWorkflowPlugin<GalleryWo
                         .getAsBoolean(SVG_SCRIPTS_ENABLED, false);
                 if (!svgScriptsEnabled && Objects.equals(mimeType, 
SVG_MIME_TYPE)) {
                     final String svgContent = IOUtils.toString(is, 
StandardCharsets.UTF_8);
-                    if (svgContent.contains("<script")) {
+                    if (StringUtils.containsIgnoreCase(svgContent, "<script")) 
{
                         throw new SvgScriptGalleryException("SVG images with 
embedded script are not supported.");
                     }
                     is.reset();
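Review bot: The new test `StringUtils.containsIgnoreCase(svgContent, "<script")` is still a substring denylist, so when `SVG_SCRIPTS_ENABLED` is false it only rejects the literal `<script` spelling. Script carried by event-handler attributes, `javascript:` link values or a namespace-prefixed script element would pass. The content is also always decoded as UTF-8, so a file declaring another encoding may not match at all. Consider parsing the upload with an XML parser that has DTDs and external entities disabled, then rejecting on the element local name `script` and on `on*` attributes. At minimum, record the limitation next to the check, e.g. `// substring check only: does not cover event-handler attributes, prefixed script elements or non-UTF-8 input`. The enclosing method starts and ends outside this hunk, so the mark/reset handling around `is.reset()` and any upload size limit could not be checked here.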



View it on GitLab: 
https://code.onehippo.org/cms-community/hippo-cms/commit/7d7a4dcfc11a0f7123ecf820a1bff4bc62eafc75
