From 350300e584f24e67e785cab28eb264bd7301acd3 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 15 May 2024 23:38:24 +0200 Subject: [PATCH] fix: Extend SVG reference check Signed-off-by: Joas Schilling --- lib/private/Preview/SVG.php | 2 +- tests/lib/Preview/SVGTest.php | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/lib/private/Preview/SVG.php b/lib/private/Preview/SVG.php index fd47208353338..14bdfc46096ac 100644 --- a/lib/private/Preview/SVG.php +++ b/lib/private/Preview/SVG.php @@ -53,7 +53,7 @@ public function getThumbnail(File $file, int $maxX, int $maxY): ?IImage { } // Do not parse SVG files with references - if (stripos($content, 'xlink:href') !== false) { + if (preg_match('/["\s](xlink:)?href\s*=/i', $content)) { return null; } diff --git a/tests/lib/Preview/SVGTest.php b/tests/lib/Preview/SVGTest.php index e48018a301b17..07e96eec9ab65 100644 --- a/tests/lib/Preview/SVGTest.php +++ b/tests/lib/Preview/SVGTest.php @@ -43,4 +43,33 @@ protected function setUp(): void { $this->markTestSkipped('No SVG provider present'); } } + + public function dataGetThumbnailSVGHref(): array { + return [ + ['href'], + [' href'], + ["\nhref"], + ['xlink:href'], + [' xlink:href'], + ["\nxlink:href"], + ]; + } + + /** + * @dataProvider dataGetThumbnailSVGHref + * @requires extension imagick + */ + public function testGetThumbnailSVGHref(string $content): void { + $handle = fopen('php://temp', 'w+'); + fwrite($handle, ' + +'); + rewind($handle); + + $file = $this->createMock(\OCP\Files\File::class); + $file->method('fopen') + ->willReturn($handle); + + self::assertNull($this->provider->getThumbnail($file, 512, 512)); + } }