Merge branch 'main' into upload-playable-preview

Author: aguingand

composer.json

@@ -19,6 +19,7 @@
         "ext-mbstring": "*",
         "blade-ui-kit/blade-icons": "^1.6",
         "code16/laravel-content-renderer": "^1.1",
+        "enshrined/svg-sanitize": "^0.21.0",
         "inertiajs/inertia-laravel": "^2.0",
         "intervention/image": "^3.4",
         "laravel/framework": "^11.0|^12.0",

demo/composer.json

@@ -6,6 +6,7 @@
         "bacon/bacon-qr-code": "~2.0",
         "blade-ui-kit/blade-icons": "^1.6",
         "code16/laravel-content-renderer": "^1.2",
+        "enshrined/svg-sanitize": "^0.21.0",
         "guzzlehttp/guzzle": "^7.2",
         "inertiajs/inertia-laravel": "^2.0",
         "intervention/image": "^3.4",

demo/composer.lock

@@ -55,6 +55,7 @@ public function fromFront(SharpFormField $field, string $attribute, $value): ?ar
                         disk: $field->storageDisk(),
                         filePath: $formatted['file_name'],
                         shouldOptimizeImage: $field->isImageOptimize(),
+                        shouldSanitizeSvg: $field->isImageSanitizeSvg(),
                         transformFilters: $field->isImageTransformOriginal()
                             ? ($value['filters'] ?? null)
                             : null,

src/Form/Fields/Formatters/UploadFormatter.php

@@ -23,6 +23,7 @@ class SharpFormUploadField extends SharpFormField
     protected ?Dimensions $imageDimensionConstraints = null;
     protected bool $imageCompactThumbnail = false;
     protected bool $imageOptimize = false;
+    protected bool $imageSanitizeSvg = true;
     protected ?array $imageCropRatio = null;
     protected ?array $imageTransformableFileTypes = null;
 
@@ -93,6 +94,18 @@ public function isImageOptimize(): bool
         return $this->imageOptimize;
     }
 
+    public function setImageSanitizeSvg(bool $imageSanitizeSvg = true): self
+    {
+        $this->imageSanitizeSvg = $imageSanitizeSvg;
+
+        return $this;
+    }
+
+    public function isImageSanitizeSvg(): bool
+    {
+        return $this->imageSanitizeSvg;
+    }
+
     public function setImageCompactThumbnail(bool $compactThumbnail = true): self
     {
         $this->imageCompactThumbnail = $compactThumbnail;

src/Form/Fields/SharpFormUploadField.php

@@ -21,6 +21,7 @@ public function __construct(
         public string $disk,
         public string $filePath,
         public bool $shouldOptimizeImage = true,
+        public bool $shouldSanitizeSvg = true,
         public ?array $transformFilters = null,
         public ?string $instanceId = null,
     ) {}
@@ -45,9 +46,16 @@ public function handle(): void
         if ($this->transformFilters) {
             // There are transformation and field was configured to handle transformation on the source image
             HandleTransformedFileJob::dispatchSync(
-                $tmpDisk,
-                $tmpFilePath,
-                $this->transformFilters
+                disk: $tmpDisk,
+                filePath: $tmpFilePath,
+                transformFilters: $this->transformFilters
+            );
+        }
+
+        if ($this->shouldSanitizeSvg && Storage::disk($tmpDisk)->mimeType($tmpFilePath) === 'image/svg+xml') {
+            SanitizeSvgJob::dispatchSync(
+                disk: $tmpDisk,
+                filePath: $tmpFilePath
             );
         }
 

src/Http/Jobs/HandleUploadedFileJob.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Code16\Sharp\Http\Jobs;
+
+use enshrined\svgSanitize\Sanitizer;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Support\Facades\Storage;
+
+class SanitizeSvgJob implements ShouldQueue
+{
+    use Dispatchable;
+    use InteractsWithQueue;
+    use Queueable;
+
+    public function __construct(
+        public string $disk,
+        public string $filePath,
+    ) {}
+
+    public function handle(): void
+    {
+        $sanitizer = new Sanitizer();
+        $sanitizer->minify(true);
+        $sanitizer->removeXMLTag(true);
+        $sanitizedSvg = $sanitizer->sanitize(
+            Storage::disk($this->disk)->get($this->filePath)
+        );
+
+        Storage::disk($this->disk)
+            ->put($this->filePath, $sanitizedSvg);
+    }
+}

src/Http/Jobs/SanitizeSvgJob.php

@@ -30,13 +30,15 @@ public function queueHandleUploadedFile(
         string $disk,
         string $filePath,
         bool $shouldOptimizeImage = true,
+        bool $shouldSanitizeSvg = true,
         ?array $transformFilters = null,
     ): void {
         $this->uploadedFileQueue[] = compact(
             'uploadedFileName',
             'disk',
             'filePath',
             'shouldOptimizeImage',
+            'shouldSanitizeSvg',
             'transformFilters',
         );
     }

src/Utils/Uploads/SharpUploadManager.php

@@ -10,6 +10,7 @@
         "ext-json": "*",
         "blade-ui-kit/blade-icons": "^1.7",
         "code16/laravel-content-renderer": "^1.2",
+        "enshrined/svg-sanitize": "^0.21.0",
         "inertiajs/inertia-laravel": "^2.0",
         "intervention/image": "^3.9",
         "intervention/image-laravel": "^1.3",