diff --git a/inc/class-main.php b/inc/class-main.php
index 7cde4d20b..814eca3c6 100644
--- a/inc/class-main.php
+++ b/inc/class-main.php
@@ -42,6 +42,7 @@ public function init() {
 if ( ! function_exists( 'is_wpcom_vip' ) ) {
 add_filter( 'upload_mimes', array( $this, 'allow_meme_types' ), PHP_INT_MAX ); // phpcs:ignore WordPressVIPMinimum.Hooks.RestrictedHooks.upload_mimes
 add_filter( 'wp_handle_upload_prefilter', array( $this, 'check_svg_and_sanitize' ) );
+ add_filter( 'wp_handle_sideload_prefilter', array( $this, 'check_svg_and_sanitize' ) );
 add_filter( 'wp_check_filetype_and_ext', array( $this, 'fix_mime_type_json_svg' ), 75, 3 );
 add_filter( 'wp_generate_attachment_metadata', array( $this, 'generate_svg_attachment_metadata' ), PHP_INT_MAX, 2 );
 }
@@ -398,6 +399,10 @@ public function check_svg_and_sanitize( $file ) {
 'otter-blocks'
 );
 }
+
+ $path_info = pathinfo( $file['name'] );
+ $unique_suffix = '-' . substr( md5( uniqid() ), 0, 6 );
+ $file['name'] = $path_info['filename'] . $unique_suffix . '.' . $path_info['extension'];
 }
 
 return $file;
diff --git a/tests/assets/test-img.png b/tests/assets/test-img.png
new file mode 100644
index 000000000..252d9502d
Binary files /dev/null and b/tests/assets/test-img.png differ
diff --git a/tests/test-svg-upload.php b/tests/test-svg-upload.php
index 16e776e7a..2c5e10517 100644
--- a/tests/test-svg-upload.php
+++ b/tests/test-svg-upload.php
@@ -21,7 +21,7 @@ private function handle_upload( $file ) {
 
 if ( file_exists( $tmp_path ) ) {
 return [
- 'name' => $file,
+ 'name' => $filename,
 'type' => 'image/svg+xml',
 'tmp_name' => $tmp_path,
 'error' => 0,
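Review bot: In `init()` (first hunk of inc/class-main.php) the new `wp_handle_sideload_prefilter` registration reuses `check_svg_and_sanitize`, but sideload callers often pass a file array holding only `name` and `tmp_name`, so a check keyed on `$file['type']` would let a sideloaded SVG through unsanitized. The branch condition of `check_svg_and_sanitize` lies outside this diff, so this needs confirming; the test helper supplying `'type' => 'image/svg+xml'` suggests the type key is what it reads. If so, fall back to the file name when the key is absent, e.g. `$type = isset( $file['type'] ) ? $file['type'] : wp_check_filetype( $file['name'] )['type'];`, and add a sideload test case without a `type` entry. A comment above the two prefilter lines, `// Sanitize SVGs on both the upload and the sideload path.`, would record why both hooks are registered.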
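Review bot: In the second hunk of inc/class-main.php, `$path_info['extension']` is read unconditionally, but `pathinfo()` omits that key when the name has no extension, so such a name raises an undefined-index notice and is stored with a trailing `.`. Guard it with `$ext = isset( $path_info['extension'] ) ? '.' . $path_info['extension'] : '';` and build the name as `$file['name'] = $path_info['filename'] . $unique_suffix . $ext;`. Separately, `md5( uniqid() )` is derived from the clock, so the six characters are predictable; if the suffix is meant to make the stored path hard to guess rather than merely unique, take it from a CSPRNG, e.g. `wp_generate_password( 6, false )`. A one-line comment stating which of the two purposes the suffix serves would help the next reader; the enclosing function starts and ends outside the hunk.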
@@ -44,9 +44,29 @@ public function test_svg_upload() { // We check that no error was attached. $this->assertTrue( empty( $response['error'] ) ); + // Check if the filename has been changed. + $this->assertNotEquals( $file['name'], $response['name'] ); + $contents = file_get_contents( $response['tmp_name'] ); // We check that the SVG was sanitized. $this->assertTrue( strpos( $contents, '