projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e804b88) | patch
Remove SVG from the list of safe file extensions
authorAlexander Ebert <ebert@woltlab.com>
Tue, 18 Jun 2024 09:20:32 +0000 (11:20 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Tue, 18 Jun 2024 09:20:32 +0000 (11:20 +0200)
commitf0d53506c5024ea1390bd7da06148e648443f1e5
tree918cb0967986d6d3a07ac63bbcdc2753a6a4d481tree | snapshot (tar.gz zip)
parente804b8867cb0835f7a9c62ced345a05a668c22a2commit | diff
Remove SVG from the list of safe file extensions

Serving SVG from untrusted sources directly can be a security issue. SVG can contain JavaScript code that is executed when the file is opened in a standalone tab.
wcfsetup/install/files/lib/data/file/File.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)