From 07553aa6b22827ed189cc63bd82958ed8c5180ed Mon Sep 17 00:00:00 2001
From: Rakibul 1971
Date: Mon, 14 Oct 2024 12:48:27 +0600
Subject: [PATCH] fix uploading xss contained file with multiple svg file where first file is xss code free
---
 .../Controllers/Comment_Controller.php | 8 ++----
 .../Discussion_Board_Controller.php | 8 ++----
 src/File/Helper/File.php | 25 +++++++++++--------
 3 files changed, 19 insertions(+), 22 deletions(-)
diff --git a/src/Comment/Controllers/Comment_Controller.php b/src/Comment/Controllers/Comment_Controller.php
index f60749d6..4d1b187f 100644
--- a/src/Comment/Controllers/Comment_Controller.php
+++ b/src/Comment/Controllers/Comment_Controller.php
@@ -81,9 +81,7 @@ public function store( WP_REST_Request $request ) {
 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null;
- $file_type = $files['type'][0];
-
- if( HelperFile::check_file_for_xss_code( $file_type, $files ) ){
+ if( HelperFile::check_file_for_xss_code( $files ) ){
 return wp_send_json(
 [
 'error_type' => 'svg_xss',
@@ -129,9 +127,7 @@ public function update( WP_REST_Request $request ) {
 // An array of files
 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null;
- $file_type = $files['type'][0];
-
- if( HelperFile::check_file_for_xss_code( $file_type, $files ) ){
+ if( HelperFile::check_file_for_xss_code( $files ) ){
 return wp_send_json(
 [
 'error_type' => 'svg_xss',
diff --git a/src/Discussion_Board/Controllers/Discussion_Board_Controller.php b/src/Discussion_Board/Controllers/Discussion_Board_Controller.php
index f2518731..188bf643 100644
--- a/src/Discussion_Board/Controllers/Discussion_Board_Controller.php
+++ b/src/Discussion_Board/Controllers/Discussion_Board_Controller.php
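Review bot: The store() hunk and the update() hunk in Comment_Controller.php, like the two Discussion_Board_Controller.php hunks that follow, now carry the same guard verbatim: `if( HelperFile::check_file_for_xss_code( $files ) ){` followed by `return wp_send_json( [ 'error_type' => 'svg_xss', ...`, so the error payload has four places to drift apart when it next changes; a single shared method that runs the check and builds that response (on a common base class, if the controllers have one) would keep all four endpoints identical. At each call `$files` is `null` when `$media_data` has no `files` key, and the rewritten helper silently treats that as nothing to scan, which is worth stating at the call site, e.g. `// null when the request carried no files; the helper then scans nothing and returns false`. Both store() and update() begin and continue outside these hunks, so whether the upload is persisted before or after this guard cannot be confirmed from here.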
@@ -75,9 +75,7 @@ public function store( WP_REST_Request $request ) {
 $milestone_id = $request->get_param( 'milestone' );
 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null;
- $file_type = $files['type'][0];
-
- if( HelperFile::check_file_for_xss_code( $file_type, $files ) ){
+ if( HelperFile::check_file_for_xss_code( $files ) ){
 return wp_send_json(
 [
 'error_type' => 'svg_xss',
@@ -121,9 +119,7 @@ public function update( WP_REST_Request $request ) {
 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null;
 $files_to_delete = $request->get_param( 'files_to_delete' );
- $file_type = $files['type'][0];
-
- if( HelperFile::check_file_for_xss_code( $file_type, $files ) ){
+ if( HelperFile::check_file_for_xss_code( $files ) ){
 return wp_send_json(
 [
 'error_type' => 'svg_xss',
diff --git a/src/File/Helper/File.php b/src/File/Helper/File.php
index 7235bd2d..91a26e27 100644
--- a/src/File/Helper/File.php
+++ b/src/File/Helper/File.php
@@ -53,16 +53,21 @@ public static function get_results( $params = [] ) {
 return $response;
 }
- public static function check_file_for_xss_code( $file_type, $files ) {
- if ( $file_type === 'image/svg+xml' ) {
- $svg_tmp_name = $files['tmp_name'][0];
-
- $svg_content = file_get_contents($svg_tmp_name);
-
- if ( self::contains_xss_code($svg_content) ) {
- return true;
- }
- }
+ public static function check_file_for_xss_code( $files ) {
+ if (isset($files['type']) && is_array($files['type'])) {
+
+ foreach ($files['type'] as $index => $file_type) {
+
+ if ($file_type === 'image/svg+xml') {
+ $svg_tmp_name = $files['tmp_name'][$index];
+ $svg_content = file_get_contents($svg_tmp_name);
+
+ if (self::contains_xss_code($svg_content)) {
+ return true;
+ }
+ }
+ }
+ }
 return false;
 }
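Review bot: The loop `foreach ($files['type'] as $index => $file_type)` in the File.php hunk still decides whether a file is scanned solely from `$files['type']`, which is the MIME type the uploading client declared, so an SVG submitted under any other declared type is never read by `contains_xss_code`, and the lookup `$files['tmp_name'][$index]` assumes the two arrays are parallel with no guard. Keying the loop on `tmp_name` and also checking the extension of `$files['name'][$index]` (assuming `$files` mirrors `$_FILES`, which is not visible here) closes both gaps, and a `false` return from `file_get_contents` should count as a failed scan rather than being handed to `contains_xss_code`, whose handling of non-strings is defined outside this hunk. Whether WordPress's own upload handling re-validates the type later is not visible either, so this helper should not depend on it. The new `if (isset(` spacing also departs from the file's `if ( ... )` style seen on the removed `if ( $file_type === 'image/svg+xml' )` line.
```php
public static function check_file_for_xss_code( $files ) {
    if ( ! isset( $files['tmp_name'] ) || ! is_array( $files['tmp_name'] ) ) {
        return false;
    }

    foreach ( $files['tmp_name'] as $index => $svg_tmp_name ) {
        // Decide by the file extension as well as the declared type: $files['type']
        // is whatever the client claimed, so it must not be the only trigger.
        $ext    = strtolower( pathinfo( $files['name'][ $index ] ?? '', PATHINFO_EXTENSION ) );
        $is_svg = 'svg' === $ext || 'image/svg+xml' === ( $files['type'][ $index ] ?? '' );

        if ( ! $is_svg ) {
            continue;
        }

        $svg_content = file_get_contents( $svg_tmp_name );

        // An unreadable upload cannot be verified, so it fails the scan like a flagged one.
        if ( false === $svg_content || self::contains_xss_code( $svg_content ) ) {
            return true;
        }
    }

    return false;
}
```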