
Commit ef56615

MAGETWO-61189: Stored xss using svg images in Favicon
1 parent 47b5ed2 commit ef56615


9 files changed

+14
-14
lines changed


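--- a/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml
+++ b/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml
@@ -31,7 +31,7 @@
 <item name="componentType" xsi:type="string">fileUploader</item>
 <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>
@@ -95,7 +95,7 @@
 <item name="componentType" xsi:type="string">fileUploader</item>
 <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>
@@ -159,7 +159,7 @@
 <item name="componentType" xsi:type="string">fileUploader</item>
 <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>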
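Review bot: `allowedExtensions` on lines 34, 98 and 162 is configuration for the JavaScript fileUploader component, so it is only a client-side filter; a request POSTed directly to `theme/design_config_fileUploader/save` never sees it. The controller behind that URL is not in this diff, so confirm it routes through a backend model whose `getAllowedExtensions` also dropped `svg` (the Theme `Logo`/`Favicon` backend models changed in this commit look like the candidates); otherwise the stored XSS stays reachable without the form. The `notice` text on lines 31, 95 and 159 omits `jpg` although the allow-list contains it; that mismatch predates this commit, but it is worth aligning while these lines are being touched: `Allowed file types: jpg, jpeg, gif, png.`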

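--- a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
+++ b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
 */
 protected function _getAllowedExtensions()
 {
-return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
 }
 }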
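Review bot: The list returned on line 48 is now a byte-for-byte copy of what `Magento\Theme\Model\Design\Backend\Favicon::getAllowedExtensions` returns elsewhere in this same commit, which is exactly how the two fell out of step before and had to be patched in nine places at once. A single shared constant that both backend models return, e.g. `public const ALLOWED_EXTENSIONS = ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];`, would remove that drift. Nothing in the hunk records why the list got shorter, so a maintainer who only sees the array may add `svg` back; a why-comment above the return, `// svg deliberately excluded: it can carry script and was used for stored XSS (MAGETWO-61189)`, prevents that. The docblock that closes on line 45 opens outside the hunk.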

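--- a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
+++ b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
 */
 protected function _getAllowedExtensions()
 {
-return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+return ['jpg', 'jpeg', 'gif', 'png'];
 }
 }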

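--- a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
+++ b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
@@ -73,7 +73,7 @@ public function testBeforeSave()
 ->will($this->returnValue('/tmp/val'));
 $this->uploaderMock->expects($this->once())
 ->method('setAllowedExtensions')
-->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));
+->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));
 $this->model->beforeSave();
 }
 }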
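Review bot: The expectation on line 76 pins the exact array but carries no signal about why `svg` left it, so a later change that re-adds `svg` and edits this same line passes with no test ever failing for the security reason. An explicit regression assertion makes the intent visible, e.g. replace the `equalTo` constraint with `$this->callback(function (array $allowed): bool { return !in_array('svg', $allowed, true); })` or capture the argument and `self::assertNotContains('svg', $allowed);`. No update to a Favicon backend test appears in this commit; if such a test exists it would have needed the same list change, so its absence suggests both `Favicon` models are currently without coverage for this regression — worth adding alongside.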

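--- a/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
+++ b/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
@@ -23,7 +23,7 @@
 <item name="componentType" xsi:type="string">fileUploader</item>
 <item name="notice" xsi:type="string" translate="true">Allowed file types: jpg, jpeg, gif, png. To optimize logo for high-resolution displays, upload an image that is 3x normal size and then specify 1x dimensions in the width/height fields below.</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>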

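--- a/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml
+++ b/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml
@@ -24,7 +24,7 @@
 <item name="componentType" xsi:type="string">fileUploader</item>
 <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>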

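--- a/app/code/Magento/Theme/Model/Design/Backend/Favicon.php
+++ b/app/code/Magento/Theme/Model/Design/Backend/Favicon.php
@@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo()
 */
 public function getAllowedExtensions()
 {
-return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
 }
 }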
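Review bot: The allow-list on line 46 is matched against the uploaded file's extension only, so it keeps `.svg` out but does not by itself establish that the bytes stored under `.png` or `.ico` are image data; whether the uploader this list feeds also validates content is not visible in this hunk. If it does not, pair the extension check with a content check in the save path (for example `getimagesize()` or a finfo MIME lookup on the temporary file) so a mislabeled upload is rejected server-side rather than left to the browser. A short why-comment above the return, `// svg intentionally omitted: inline script in SVG produced stored XSS (MAGETWO-61189)`, would keep the next maintainer from restoring it for convenience. The docblock closing on line 44 starts outside the hunk.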

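--- a/app/code/Magento/Theme/Model/Design/Backend/Logo.php
+++ b/app/code/Magento/Theme/Model/Design/Backend/Logo.php
@@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo()
 */
 public function getAllowedExtensions()
 {
-return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+return ['jpg', 'jpeg', 'gif', 'png'];
 }
 }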

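--- a/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml
+++ b/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml
@@ -65,9 +65,9 @@
 <item name="label" xsi:type="string" translate="true">Favicon Icon</item>
 <item name="formElement" xsi:type="string">fileUploader</item>
 <item name="componentType" xsi:type="string">fileUploader</item>
-<item name="notice" xsi:type="string" translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng, svg. Not all browsers support all these formats!</item>
+<item name="notice" xsi:type="string" translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng. Not all browsers support all these formats!</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg ico apng</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png ico apng</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>
@@ -176,9 +176,9 @@
 <item name="label" xsi:type="string" translate="true">Logo Image</item>
 <item name="formElement" xsi:type="string">fileUploader</item>
 <item name="componentType" xsi:type="string">fileUploader</item>
-<item name="notice" xsi:type="string" translate="true">Allowed file types: png, gif, jpg, jpeg, svg.</item>
+<item name="notice" xsi:type="string" translate="true">Allowed file types: png, gif, jpg, jpeg.</item>
 <item name="maxFileSize" xsi:type="number">2097152</item>
-<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+<item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
 <item name="uploaderConfig" xsi:type="array">
 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
 </item>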
