Remove svg sanitisation usage

This commit is contained in:
Michał Pysiak 2024-10-28 09:51:17 +01:00
parent 697ad04f5b
commit a3ef26fe29
No known key found for this signature in database
GPG key ID: 475188AD401EB310

View file

@ -22,20 +22,10 @@ use Webmozart\Assert\Assert;
class ImageUploader implements ImageUploaderInterface class ImageUploader implements ImageUploaderInterface
{ {
private const MIME_SVG_XML = 'image/svg+xml';
private const MIME_SVG = 'image/svg';
/** @var \enshrined\svgSanitize\Sanitizer|null */
protected ?object $sanitizer = null;
public function __construct( public function __construct(
protected FilesystemAdapterInterface $filesystem, protected readonly FilesystemAdapterInterface $filesystem,
protected ImagePathGeneratorInterface $imagePathGenerator, protected readonly ImagePathGeneratorInterface $imagePathGenerator,
) { ) {
if (class_exists(\enshrined\svgSanitize\Sanitizer::class)) {
$this->sanitizer = new \enshrined\svgSanitize\Sanitizer();
}
} }
public function upload(ImageInterface $image): void public function upload(ImageInterface $image): void
@ -49,8 +39,6 @@ class ImageUploader implements ImageUploaderInterface
Assert::isInstanceOf($file, File::class); Assert::isInstanceOf($file, File::class);
$fileContent = $this->sanitizeContent(file_get_contents($file->getPathname()), $file->getMimeType());
if (null !== $image->getPath() && $this->filesystem->has($image->getPath())) { if (null !== $image->getPath() && $this->filesystem->has($image->getPath())) {
$this->remove($image->getPath()); $this->remove($image->getPath());
} }
@ -61,7 +49,7 @@ class ImageUploader implements ImageUploaderInterface
$image->setPath($path); $image->setPath($path);
$this->filesystem->write($image->getPath(), $fileContent); $this->filesystem->write($image->getPath(), file_get_contents($file->getPathname()));
} }
public function remove(string $path): bool public function remove(string $path): bool
@ -75,15 +63,6 @@ class ImageUploader implements ImageUploaderInterface
return true; return true;
} }
protected function sanitizeContent(string $fileContent, string $mimeType): string
{
if ((self::MIME_SVG_XML === $mimeType || self::MIME_SVG === $mimeType) && $this->sanitizer !== null) {
$fileContent = $this->sanitizer->sanitize($fileContent);
}
return $fileContent;
}
/** /**
* Will return true if the path is prone to be blocked by ad blockers * Will return true if the path is prone to be blocked by ad blockers
*/ */