From 3cab0a257d59ceb6f3497e46b8da98ef7fa7b9f6 Mon Sep 17 00:00:00 2001 From: Denny Lubitz Date: Thu, 15 Feb 2024 21:40:42 +0100 Subject: [PATCH] TASK: Cleanup SVG Sanitzer workaround after 0.17.0 release --- Neos.Media.Browser/Classes/Controller/AssetController.php | 4 ---- Neos.Media.Browser/composer.json | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/Neos.Media.Browser/Classes/Controller/AssetController.php b/Neos.Media.Browser/Classes/Controller/AssetController.php index df10decc2a4..e49dc7aef29 100644 --- a/Neos.Media.Browser/Classes/Controller/AssetController.php +++ b/Neos.Media.Browser/Classes/Controller/AssetController.php @@ -1032,15 +1032,11 @@ private function forwardWithConstraints(string $actionName, string $controllerNa private function checkForMaliciousContent(AssetProxyInterface $assetProxy): bool { if ($assetProxy->getMediaType() == 'image/svg+xml') { - // @todo: Simplify again when https://github.com/darylldoyle/svg-sanitizer/pull/90 is merged and released. - $previousXmlErrorHandling = libxml_use_internal_errors(true); $sanitizer = new Sanitizer(); $resource = stream_get_contents($assetProxy->getImportStream()); $sanitizer->sanitize($resource); - libxml_clear_errors(); - libxml_use_internal_errors($previousXmlErrorHandling); $issues = $sanitizer->getXmlIssues(); if ($issues && count($issues) > 0) { return true; diff --git a/Neos.Media.Browser/composer.json b/Neos.Media.Browser/composer.json index 494fd4f244b..79107ecfe52 100644 --- a/Neos.Media.Browser/composer.json +++ b/Neos.Media.Browser/composer.json @@ -24,7 +24,7 @@ "neos/error-messages": "*", "doctrine/common": "^2.7 || ^3.0", "doctrine/orm": "^2.6", - "enshrined/svg-sanitize": "^0.16.0" + "enshrined/svg-sanitize": "^0.17.0" }, "autoload": { "psr-4": {