‪TYPO3CMS  ‪main
SvgSanitizer.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Resource\Security;
19 
20 use enshrined\svgSanitize\Sanitizer;
21 
22 class ‪SvgSanitizer
23 {
28  public function ‪sanitizeFile(string $sourcePath, string $targetPath = null): void
29  {
30  if ($targetPath === null) {
31  $targetPath = $sourcePath;
32  }
33  $svg = file_get_contents($sourcePath);
34  if (!is_string($svg)) {
35  return;
36  }
37  $sanitizedSvg = $this->‪sanitizeContent($svg);
38  if ($sanitizedSvg !== $svg) {
39  file_put_contents($targetPath, $sanitizedSvg);
40  }
41  }
42 
46  public function ‪sanitizeContent(string $svg): string
47  {
48  // @todo: Simplify again when https://github.com/darylldoyle/svg-sanitizer/pull/90 is merged and released.
49  $previousXmlErrorHandling = libxml_use_internal_errors(true);
50  $sanitizer = new Sanitizer();
51  $sanitizer->removeRemoteReferences(true);
52  $sanitizedString = $sanitizer->sanitize($svg) ?: '';
53  libxml_clear_errors();
54  libxml_use_internal_errors($previousXmlErrorHandling);
55  return $sanitizedString;
56  }
57 }
‪TYPO3\CMS\Core\Resource\Security
Definition: FileMetadataPermissionsAspect.php:16
‪TYPO3\CMS\Core\Resource\Security\SvgSanitizer\sanitizeContent
‪sanitizeContent(string $svg)
Definition: SvgSanitizer.php:46
‪TYPO3\CMS\Core\Resource\Security\SvgSanitizer
Definition: SvgSanitizer.php:23
‪TYPO3\CMS\Core\Resource\Security\SvgSanitizer\sanitizeFile
‪sanitizeFile(string $sourcePath, string $targetPath=null)
Definition: SvgSanitizer.php:28