Merge pull request #115 from gschlager/master

Avoid detecting arbitrary XML as SVG
sdsykes · Jun 2, 2020 · 2decef3 · 2decef3
2 parents 12a7dc4 + 2e0436c
commit 2decef3
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/lib/fastimage.rb b/lib/fastimage.rb
@@ -502,7 +502,7 @@ def parse_type
     when "RI"
       :webp if @stream.peek(12)[8..11] == "WEBP"
     when "<s"
-      :svg
+      :svg if @stream.peek(4) == "<svg"
     when /<[?!]/
       # Peek 10 more chars each time, and if end of file is reached just raise
       # unknown. We assume the <svg tag cannot be within 10 chars of the end of

diff --git a/test/fixtures/test2.xml b/test/fixtures/test2.xml
@@ -0,0 +1,5 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+  <soap:Body>
+    <foo />
+  </soap:Body>
+</soap:Envelope>
diff --git a/test/test.rb b/test/test.rb
@@ -44,6 +44,7 @@
   "faulty.jpg",
   "test_rgb.ct",
   "test.xml",
+  "test2.xml",
   "a.CR2",
   "a.CRW"
 ]
@@ -150,9 +151,11 @@ def test_should_raise_image_fetch_failure_error_if_net_unreach_exception_happens
     end
   end
 
-  def test_should_raise_unknown_image_typ_when_file_is_non_svg_xml
-    assert_raises(FastImage::UnknownImageType) do
-      FastImage.size(TestUrl + "test.xml", :raise_on_failure=>true)
+  def test_should_raise_unknown_image_type_when_file_is_non_svg_xml
+    ["test.xml", "test2.xml"].each do |fn|
+      assert_raises(FastImage::UnknownImageType) do
+        FastImage.size(TestUrl + fn, :raise_on_failure=>true)
+      end
     end
   end