Hello 😊
I may be wrong, but I believe this corresponds to the tickets:
https://core.spip.net/issues/3482
https://core.spip.net/issues/2970

So it's worth checking whether they should be closed!
Franck

-----Original Message-----
From: spip-zone-com...@rezo.net <spip-zone-com...@rezo.net>
Sent: Thursday, 18 July 2019 16:51
To: spip-zone-com...@rezo.net
Subject: [Spip-zone-commit] r116012 - in _core_/plugins/medias

Author: ced...@yterium.com
Date: 2019-07-18 14:50:43 +0000 (Thu, 18 Jul 2019)
New Revision: 116012

Added:
   _core_/plugins/medias/lib/svg-sanitizer/
   _core_/plugins/medias/lib/svg-sanitizer/LICENSE
   _core_/plugins/medias/lib/svg-sanitizer/README.md
   _core_/plugins/medias/lib/svg-sanitizer/composer.json
   _core_/plugins/medias/lib/svg-sanitizer/composer.lock
   _core_/plugins/medias/lib/svg-sanitizer/phpunit.xml.dist
   _core_/plugins/medias/lib/svg-sanitizer/src/
   _core_/plugins/medias/lib/svg-sanitizer/src/Sanitizer.php
   _core_/plugins/medias/lib/svg-sanitizer/src/data/
   _core_/plugins/medias/lib/svg-sanitizer/src/data/AllowedAttributes.php
   _core_/plugins/medias/lib/svg-sanitizer/src/data/AllowedTags.php
   _core_/plugins/medias/lib/svg-sanitizer/src/data/AttributeInterface.php
   _core_/plugins/medias/lib/svg-sanitizer/src/data/TagInterface.php
   _core_/plugins/medias/lib/svg-sanitizer/src/svg-scanner.php
Modified:
   _core_/plugins/medias/metadata/svg.php
   _core_/plugins/medias/paquet.xml
Log:
Sanitize SVGs:
- we reuse the svg-sanitizer lib https://github.com/darylldoyle/svg-sanitizer
used in the logo-svg plugin https://github.com/cariagency/spip-logo-svg
- we sanitize systematically, whether the user is an admin or not, because they
upload an image without necessarily being aware that it can contain scripts

(thanks Maieul)




Details: https://zone.spip.org/trac/spip-zone/changeset/116012

_______________________________________________
spip-zone-com...@rezo.net - 
https://listes.rezo.net/mailman/listinfo/spip-zone-commit

----
spip-zone@rezo.net - https://listes.rezo.net/mailman/listinfo/spip-zone
