
Fix #yogosha4490

Laurent Destailleur 4 tahun lalu
8d77bfacd2

+ 4 - 0
htdocs/core/filemanagerdol/browser/default/browser.php

@@ -95,6 +95,10 @@ var sServerPath = GetUrlParam( 'ServerPath' );
 if ( sServerPath.length > 0 )
 	oConnector.ConnectorUrl += 'ServerPath=' + encodeURIComponent( sServerPath ) + '&' ;
 
+/* @CHANGE LDR Overwrite value coming from parameters for security purpose */
+oConnector.ConnectorUrl = '<?php echo DOL_URL_ROOT.'/core/filemanagerdol/connectors/php/connector.php?'; ?>';
+console.log('ConnectorUrl='+oConnector.ConnectorUrl);
+
 oConnector.ResourceType		= GetUrlParam( 'Type' );
 oConnector.ShowAllTypes		= ( oConnector.ResourceType.length == 0 );
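Review bot: The unconditional reassignment of `oConnector.ConnectorUrl` on the added line turns the preceding `if ( sServerPath.length > 0 )` block, and whatever earlier code built `ConnectorUrl` from URL parameters above the hunk, into dead code; a later reader who "tidies" the order would silently reintroduce the parameter-controlled connector URL. Either remove those now-unused lines in the same change, or state the intent explicitly in the comment: `/* ConnectorUrl is fixed server-side; any value derived from the URL parameters above is deliberately discarded — do not move this assignment. */`. The `console.log('ConnectorUrl='+oConnector.ConnectorUrl);` line reads as debug output and should be dropped before merge. The script this hunk sits in is top-level code whose earlier part is outside the hunk.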
 

+ 3 - 0
test/phpunit/imgsvgwithjs.svg

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" preserveAspectRatio="xMidYMid meet" viewBox="0 0 640 640" width="140" height="140"><script>alert('XSS SVG')</script><defs><path d="M77.01 33.36L316.26 33.36L316.26 231.5L77.01 231.5L77.01 33.36Z" id="a8YnqIml8"></path></defs><g><g><g><use xlink:href="#a8YnqIml8" opacity="1" fill="#a462a6" fill-opacity="1"></use></g></g></g></svg>