<?php
/**
* Pimcore
*
* This source file is available under two different licenses:
* - GNU General Public License version 3 (GPLv3)
* - Pimcore Commercial License (PCL)
* Full copyright and license information is available in
* LICENSE.md which is distributed with this source code.
*
* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
* @license http://www.pimcore.org/license GPLv3 and PCL
*/
namespace Pimcore\Bundle\CoreBundle\EventListener;
use enshrined\svgSanitize\Sanitizer;
use Pimcore\Event\AssetEvents;
use Pimcore\Event\Model\ElementEventInterface;
use Pimcore\Model\Asset;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Mime\MimeTypes;
/**
* @internal
*/
class AssetSanitizationListener implements EventSubscriberInterface
{
public static function getSubscribedEvents()
{
return [
AssetEvents::PRE_ADD => 'sanitizeAsset',
AssetEvents::PRE_UPDATE => 'sanitizeAsset',
];
}
/**
* @param ElementEventInterface $e
*/
public function sanitizeAsset(ElementEventInterface $e)
{
$element = $e->getElement();
if ($element instanceof Asset\Image && $element->getDataChanged()) {
$assetStream = $element->getStream();
if (isset($assetStream)) {
$streamMetaData = stream_get_meta_data($assetStream);
$mime = MimeTypes::getDefault()->guessMimeType($streamMetaData['uri']);
if ($mime === 'image/svg+xml') {
$sanitizedData = $this->sanitizeSVG(stream_get_contents($assetStream));
$element->setData($sanitizedData);
}
}
}
}
/**
* @param string $fileContent
*
* @return string
*
* @throws \Exception
*/
protected function sanitizeSVG(string $fileContent)
{
$sanitizer = new Sanitizer();
$sanitizedFileContent = $sanitizer->sanitize($fileContent);
if (!$sanitizedFileContent) {
throw new \Exception('SVG Sanitization failed, probably due badly formatted XML.');
}
return $sanitizedFileContent;
}
}