FilamentF
Filament3w ago
Matthew

SVG - FileUpload

Does anyone know how to block SVG files being uploaded ?

I'd expect the below code to block an SVG, but they get through fine.

    public static function logoUpload(
        string $id,
        string $label,
        string $hint,
        string $disk = 's3_documents',
        string $directory = '',
        int $numberOfAttachments = 1,
        bool $downloadable = true,
        bool $openable = true,
        string $visibility = 'private'
    ) : FileUpload {
        // @todo: Deal with HEIC file format

        return FileUpload::make($id)
            ->label($label)
            ->disk($disk)
            ->directory(function () use ($directory) {
                $domainName = Domain::getByRequest(request());

                return $directory ?: $domainName->getName();
            })
            ->downloadable($downloadable)
            ->openable($openable)
            ->visibility($visibility)
            ->acceptedFileTypes([
                'image/jpeg',
                'image/png',
            ])
            ->uploadingMessage('Please wait...')
            ->hintIcon('heroicon-m-question-mark-circle', tooltip: $hint)
            ->helperText('Use a PNG, JPG or JPEG file. Max size 100kb. 5:1 aspect ratio logos are recommended. 750x150px is optimal.')
            ->maxFiles($numberOfAttachments)
            ->maxSize(110)
            ->image()
            ->imageResizeTargetWidth(750)
            ->imageResizeTargetHeight(150)
            ->imageResizeMode('force')
            ->imageEditor()
            ->imageEditorMode(2)
            ->imageEditorAspectRatios(['5:1']);
    }


Whilst an SVG with script doesn't execute when called back via panel, it is still sitting on the server now.
Was this page helpful?