diff options
| author | Joas Schilling <coding@schilljs.com> | 2019-06-20 15:23:06 +0200 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2019-06-20 15:23:06 +0200 |
| commit | 05381f00d25e380c557a3a1100dd83e75298f130 (patch) | |
| tree | 52482e5a10e06807ce2a032ee065c1a088e5b568 | |
| parent | 4ff3978a6d1f7f6cb85bb7739b68b7dfaf36eb91 (diff) | |
| download | nextcloud-server-05381f00d25e380c557a3a1100dd83e75298f130.tar.gz nextcloud-server-05381f00d25e380c557a3a1100dd83e75298f130.zip | |
Fall back to black for non-color values
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | core/Controller/SvgController.php | 1 | ||||
| -rw-r--r-- | lib/private/Template/IconsCacher.php | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/core/Controller/SvgController.php b/core/Controller/SvgController.php index bbf4e61c60c..b956f724ad8 100644 --- a/core/Controller/SvgController.php +++ b/core/Controller/SvgController.php @@ -111,6 +111,7 @@ class SvgController extends Controller { * * @param string $path * @param string $color + * @param string $fileName * @return DataDisplayResponse|NotFoundResponse */ private function getSvg(string $path, string $color, string $fileName) { diff --git a/lib/private/Template/IconsCacher.php b/lib/private/Template/IconsCacher.php index 9cd4f8bca10..dd83ce78775 100644 --- a/lib/private/Template/IconsCacher.php +++ b/lib/private/Template/IconsCacher.php @@ -184,6 +184,11 @@ class IconsCacher { * @return string */ public function colorizeSvg($svg, $color): string { + if (!preg_match('/^[0-9a-f]{3,6}$/i', $color)) { + // Prevent not-sane colors from being written into the SVG + $color = '000'; + } + // add fill (fill is not present on black elements) $fillRe = '/<((circle|rect|path)((?!fill)[a-z0-9 =".\-#():;,])+)\/>/mi'; $svg = preg_replace($fillRe, '<$1 fill="#' . $color . '"/>', $svg); |