MAGETWO-61189: Stored xss using svg images in Favicon

undefined-olha · undefined-olha · commit ef56615c75a1 · 2017-04-04T10:48:09.000+03:00
diff --git a/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml
@@ -31,7 +31,7 @@
                             <item name="componentType" xsi:type="string">fileUploader</item>
                             <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
                             <item name="maxFileSize" xsi:type="number">2097152</item>
-                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
                             <item name="uploaderConfig" xsi:type="array">
                                 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                             </item>
@@ -95,7 +95,7 @@
                             <item name="componentType" xsi:type="string">fileUploader</item>
                             <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
                             <item name="maxFileSize" xsi:type="number">2097152</item>
-                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
                             <item name="uploaderConfig" xsi:type="array">
                                 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                             </item>
@@ -159,7 +159,7 @@
                             <item name="componentType" xsi:type="string">fileUploader</item>
                             <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
                             <item name="maxFileSize" xsi:type="number">2097152</item>
-                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
                             <item name="uploaderConfig" xsi:type="array">
                                 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                             </item>
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
      */
     protected function _getAllowedExtensions()
     {
-        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
     }
 }
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
      */
     protected function _getAllowedExtensions()
     {
-        return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+        return ['jpg', 'jpeg', 'gif', 'png'];
     }
 }
diff --git a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
@@ -73,7 +73,7 @@ public function testBeforeSave()
             ->will($this->returnValue('/tmp/val'));
         $this->uploaderMock->expects($this->once())
             ->method('setAllowedExtensions')
-            ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));
+            ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));
         $this->model->beforeSave();
     }
 }
diff --git a/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
@@ -23,7 +23,7 @@
                         <item name="componentType" xsi:type="string">fileUploader</item>
                         <item name="notice" xsi:type="string" translate="true">Allowed file types: jpg, jpeg, gif, png. To optimize logo for high-resolution displays, upload an image that is 3x normal size and then specify 1x dimensions in the width/height fields below.</item>
                         <item name="maxFileSize" xsi:type="number">2097152</item>
-                        <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+                        <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
                         <item name="uploaderConfig" xsi:type="array">
                             <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                         </item>
diff --git a/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml
@@ -24,7 +24,7 @@
                             <item name="componentType" xsi:type="string">fileUploader</item>
                             <item name="notice" xsi:type="string" translate="true">Allowed file types: jpeg, gif, png.</item>
                             <item name="maxFileSize" xsi:type="number">2097152</item>
-                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+                            <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
                             <item name="uploaderConfig" xsi:type="array">
                                 <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                             </item>
diff --git a/app/code/Magento/Theme/Model/Design/Backend/Favicon.php b/app/code/Magento/Theme/Model/Design/Backend/Favicon.php
@@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo()
      */
     public function getAllowedExtensions()
     {
-        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
     }
 }
diff --git a/app/code/Magento/Theme/Model/Design/Backend/Logo.php b/app/code/Magento/Theme/Model/Design/Backend/Logo.php
@@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo()
      */
     public function getAllowedExtensions()
     {
-        return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+        return ['jpg', 'jpeg', 'gif', 'png'];
     }
 }
diff --git a/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml
@@ -65,9 +65,9 @@
                         <item name="label" xsi:type="string" translate="true">Favicon Icon</item>
                         <item name="formElement" xsi:type="string">fileUploader</item>
                         <item name="componentType" xsi:type="string">fileUploader</item>
-                        <item name="notice" xsi:type="string" translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng, svg. Not all browsers support all these formats!</item>
+                        <item name="notice" xsi:type="string" translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng. Not all browsers support all these formats!</item>
                         <item name="maxFileSize" xsi:type="number">2097152</item>
-                        <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg ico apng</item>
+                        <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png ico apng</item>
                         <item name="uploaderConfig" xsi:type="array">
                             <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                         </item>
@@ -176,9 +176,9 @@
                         <item name="label" xsi:type="string" translate="true">Logo Image</item>
                         <item name="formElement" xsi:type="string">fileUploader</item>
                         <item name="componentType" xsi:type="string">fileUploader</item>
-                        <item name="notice" xsi:type="string" translate="true">Allowed file types: png, gif, jpg, jpeg, svg.</item>
+                        <item name="notice" xsi:type="string" translate="true">Allowed file types: png, gif, jpg, jpeg.</item>
                         <item name="maxFileSize" xsi:type="number">2097152</item>
-                        <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png svg</item>
+                        <item name="allowedExtensions" xsi:type="string">jpg jpeg gif png</item>
                         <item name="uploaderConfig" xsi:type="array">
                             <item name="url" xsi:type="string">theme/design_config_fileUploader/save</item>
                         </item>

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()`
`45`	`45`	`*/`
`46`	`46`	`protected function _getAllowedExtensions()`
`47`	`47`	`{`
`48`		`- return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];`
	`48`	`+ return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];`
`49`	`49`	`}`
`50`	`50`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ public function testBeforeSave()`
`73`	`73`	`->will($this->returnValue('/tmp/val'));`
`74`	`74`	`$this->uploaderMock->expects($this->once())`
`75`	`75`	`->method('setAllowedExtensions')`
`76`		`- ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));`
	`76`	`+ ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));`
`77`	`77`	`$this->model->beforeSave();`
`78`	`78`	`}`
`79`	`79`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo()`
`43`	`43`	`*/`
`44`	`44`	`public function getAllowedExtensions()`
`45`	`45`	`{`
`46`		`- return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];`
	`46`	`+ return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];`
`47`	`47`	`}`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo()`
`41`	`41`	`*/`
`42`	`42`	`public function getAllowedExtensions()`
`43`	`43`	`{`
`44`		`- return ['jpg', 'jpeg', 'gif', 'png', 'svg'];`
	`44`	`+ return ['jpg', 'jpeg', 'gif', 'png'];`
`45`	`45`	`}`
`46`	`46`	`}`