Fix: Expanded SVG validation whitelist and additional checks (#11590)

This commit is contained in:
Trenton H
2025-12-12 12:04:04 -08:00
committed by GitHub
parent a1026f03db
commit d9a596d67a
4 changed files with 516 additions and 86 deletions


@@ -10,6 +10,7 @@ from django.contrib.auth.models import Group
from django.contrib.auth.models import Permission
from django.contrib.auth.models import User
from django.contrib.auth.password_validation import validate_password
from django.core.files.uploadedfile import UploadedFile
from rest_framework import serializers
from rest_framework.authtoken.serializers import AuthTokenSerializer
@@ -221,7 +222,7 @@ class ApplicationConfigurationSerializer(serializers.ModelSerializer):
instance.app_logo.delete()
return super().update(instance, validated_data)
def validate_app_logo(self, file):
def validate_app_logo(self, file: UploadedFile):
if file and magic.from_buffer(file.read(2048), mime=True) == "image/svg+xml":
reject_dangerous_svg(file)
return file
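Review bot: `validate_app_logo` decides whether to call `reject_dangerous_svg` solely from libmagic's verdict on the first 2048 bytes (`file.read(2048)`), and never rewinds the stream, so the validator and whatever later saves the upload see the file positioned at byte 2048 unless they seek themselves; `reject_dangerous_svg` is outside this hunk, so I cannot confirm it does. An SVG whose `<svg` root element sits after more than 2048 bytes of comments or whitespace may be sniffed as `text/xml` or `text/plain` and skip the SVG check entirely, while a browser still renders the stored file as SVG. The sniff should also be anchored at offset 0 in case the file object was already read by an earlier validator. Suggest rewinding around the sniff and also treating an `.svg` filename as SVG, so the dangerous-content check cannot be avoided by padding or by a confused MIME guess:
```python
def validate_app_logo(self, file: UploadedFile):
    if file:
        # Sniff from the start and rewind so downstream readers see the whole file.
        file.seek(0)
        sniffed = magic.from_buffer(file.read(2048), mime=True)
        file.seek(0)
        # libmagic only inspects a prefix; an .svg filename is served as SVG regardless.
        if sniffed == "image/svg+xml" or (file.name or "").lower().endswith(".svg"):
            reject_dangerous_svg(file)
    return file
```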