From ef50e75212077a4cf356f5606d3d3b2a72944d09 Mon Sep 17 00:00:00 2001
From: nokonoko
Date: Wed, 12 May 2021 13:34:14 +0200
Subject: [PATCH] add svg to blacklist
---
 README.md | 4 ++--
 static/php/includes/settings.inc.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index b2d935f..dfea255 100644
--- a/README.md
+++ b/README.md
@@ -89,8 +89,8 @@ These scripts check if DB entries and files are older then 24 hours and if they
 Blocking certain filetypes from being uploaded can be changed by editing the following settings in `includes/settings.inc.php`:
 ```php
-define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml']));
-define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary']));
+define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml', 'svg']));
+define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
 ```
 By default the most common malicious filetypes are blocked.
diff --git a/static/php/includes/settings.inc.php b/static/php/includes/settings.inc.php
index e8445d0..31782fb 100644
--- a/static/php/includes/settings.inc.php
+++ b/static/php/includes/settings.inc.php
@@ -75,8 +75,8 @@ define('ID_CHARSET', 'abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ');
 //$FILTER_MIME = array("application/octet-stream", "application/msword", "text/html", "application/x-dosexec", "application/zip", "application/java", "application/java-archive", "application/pdf", "application/x-executable");
 //$FILTER_EXT = array("exe", "scr", "com", "vbs", "bat", "cmd", "htm", "html", "zip", "jar", "msi", "apk", "pdf");
-define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml']));
-define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary']));
+define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml', 'svg']));
+define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
 /**
 * Filter mode: whitelist (true) or blacklist (false).
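Review bot: The two new `define()` lines block `svg` and `image/svg+xml`, but they leave out the closest sibling types that a browser can also render as active content, so the script-in-upload exposure this commit targets likely remains for those. I would add `'svgz', 'xhtml', 'xht'` to `CONFIG_BLOCKED_EXTENSIONS` and `'application/xhtml+xml'` to `CONFIG_BLOCKED_MIME`. The code that compares against these lists is outside the hunk, so confirm that it lower-cases the extension before matching; if it does not, `SVG` would still pass. A deny-list by extension and MIME type is best-effort, so serving stored uploads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`, or from a separate origin, would be the more durable control if the deployment does not already do that.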