upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Merge pull request #59837 from nextcloud/backport/59835/stable32

Browse source
This commit is contained in:
Benjamin Gaussorgues 2026-04-22 17:03:45 +02:00 committed by GitHub
commit 5e53e39403
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
lib/public/Collaboration/Reference/LinkReferenceProvider.php
View file

@ -193,7 +193,7 @@ class LinkReferenceProvider implements IReferenceProvider, IPublicReferenceProvi
$bodyStream = new LimitStream($stream, self::MAX_CONTENT_LENGTH, 0);
$content = $bodyStream->getContents();
if ($contentType === 'image/svg+xml' && stripos(html_entity_decode($content, ENT_XML1), 'XSL/Transform') !== false) {
if ($contentType === 'image/svg+xml' && $this->containsXslt($content)) {
return;
}
@ -230,4 +230,30 @@ class LinkReferenceProvider implements IReferenceProvider, IPublicReferenceProvi
public function getCacheKeyPublic(string $referenceId, string $sharingToken): ?string {
return null;
}
/**
* Check if XML content contains XSLT transformations
*
* XSLT transformations in SVG files can cause memory exhaustion
* in Chromium based browsers when rendered.
*/
private function containsXslt(string $xmlContent): bool {
set_error_handler(function (int $code, string $message): bool {
$this->logger->debug('Failed to parse XML content for XSLT check', ['error' => $message]);
return true;
});
$xml = simplexml_load_string($xmlContent);
restore_error_handler();
$namespaces = $xml ? $xml->getNamespaces(true) : [];
foreach ($namespaces as $namespace) {
if (stripos($namespace, 'XSL/Transform') !== false) {
return true;
}
}
return false;
}
}