Dolibarr / dolibarr

Dolibarr ERP CRM is a modern software package to manage your company or foundation's activity (contacts, suppliers, invoices, orders, stocks, agenda, accounting, ...). It's an open source Web application (written in PHP) designed for businesses of any size, foundations and freelancers.
https://www.dolibarr.org
GNU General Public License v3.0

Allow usage of SVG files as company logo #15049

Open Magissia opened 4 years ago

Magissia commented 4 years ago

Feature Request

Support SVG files as company logo

Use case

Simple logos are usually made in SVG or an equivalent proprietary vector format.

Suggested implementation

Do not purposefully filter SVG files when uploaded as company logo. The lib used to generate the PDF invoice seems to support SVG files, as per the tcpdf examples. Modern web browsers support displaying SVG files, as seen here.

Suggested steps

daraelmin commented 3 years ago

Hi,

Have you tried MAIN_ALLOW_SVG_FILES_AS_IMAGES = 1? It allows using SVG files as image files.

More info here: https://wiki.dolibarr.org/index.php?title=Setup_Other

Don't forget to close the issue if this solves it.

Cheers

choybe commented 3 years ago

I have set MAIN_ALLOW_SVG_FILES_AS_IMAGES = 1 but it makes no difference. No, SVG files do not work.

Patpixel commented 2 years ago

I have set MAIN_ALLOW_SVG_FILES_AS_IMAGES = 1 but it makes no difference. SVG files do not work. Thank you for your help.

daraelmin commented 2 years ago

> I have set MAIN_ALLOW_SVG_FILES_AS_IMAGES = 1 but it makes no difference. No, SVG files do not work.

So it's a bug and not a feature request. You should open a new ticket as a bug. I'm not sure why SVG files are not permitted, but I can imagine it is for security reasons.

alsoft10 commented 2 years ago

We are also facing problems uploading SVG images in the Media Browser in the CKEditor. It says Bad Extension. I don't understand why SVG uploading would be disallowed for security reasons. What is the security vulnerability here? Could you explain, @daraelmin?

daraelmin commented 2 years ago

> We are also facing problems uploading SVG images in the Media Browser in the CKEditor. It says Bad Extension. I don't understand why SVG uploading would be disallowed for security reasons. What is the security vulnerability here? Could you explain, @daraelmin?

As SVG is an XML file (which means that the display of the image is done by code, not stored by pixel), it can be used for XXE and XSS attacks.

Cheers

choybe commented 2 years ago

Security reasons or not, when setting MAIN_ALLOW_SVG_FILES_AS_IMAGES = 1 it should work. But it doesn't. I agree with @daraelmin: it is a bug.

madecto commented 1 year ago

This has been referenced in #20716

hregis commented 1 year ago

Maybe add an SVG cleaner to avoid problems

https://github.com/darylldoyle/svg-sanitizer
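
An added example, not part of the thread and not code from Dolibarr or the linked sanitizer: a PHP check that refuses an uploaded SVG carrying the constructs behind the XXE and XSS concerns raised above (DTD/entity declarations, script-capable elements, event-handler attributes, `javascript:` links). The helper name `svg_upload_problems` and the sample inputs are constructed for illustration.

```php
<?php
// Added example: reject-on-sight check for uploaded SVG logos.
// svg_upload_problems() is a hypothetical helper, not a Dolibarr function.

/** Return a list of reasons to refuse the SVG; an empty list means none found. */
function svg_upload_problems(string $svg): array
{
    // XXE: entities are declared in a DTD, so refuse any DTD before parsing.
    if (preg_match('/<!(DOCTYPE|ENTITY)/i', $svg)) {
        return ['DOCTYPE or ENTITY declaration (XXE, entity expansion)'];
    }
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately not set.
    if (!@$doc->loadXML($svg, LIBXML_NONET)) {
        return ['not well-formed XML'];
    }
    if (strtolower($doc->documentElement->localName) !== 'svg') {
        return ['root element is not <svg>'];
    }
    $problems = [];
    $blocked = ['script', 'foreignobject', 'iframe', 'object', 'embed'];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $tag = strtolower($el->localName);
        if (in_array($tag, $blocked, true)) {
            $problems[] = "<$tag> element";
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->localName);
            // Drop whitespace/control chars browsers ignore inside a URL scheme.
            $value = strtolower(preg_replace('/[\s\x00-\x1f]+/', '', $attr->value));
            if (strncmp($name, 'on', 2) === 0) {
                $problems[] = "event handler attribute $name on <$tag>";
            } elseif ($name === 'href' && strncmp($value, 'javascript:', 11) === 0) {
                $problems[] = "javascript: link on <$tag>";
            }
        }
    }
    return $problems;
}

// Constructed sample inputs.
$samples = [
    'clean'  => '<svg xmlns="http://www.w3.org/2000/svg"><rect width="9" height="9"/></svg>',
    'script' => '<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><script>x()</script></svg>',
    'xxe'    => '<!DOCTYPE svg [<!ENTITY e SYSTEM "file:///constructed-path">]><svg>&e;</svg>',
];
foreach ($samples as $label => $svg) {
    echo $label, ': ', implode('; ', svg_upload_problems($svg)) ?: 'no problems found', PHP_EOL;
}
```

A deny-list like this is a first gate rather than a sanitizer: it does not cover every vector (for example external references in `<use>` or CSS), which is the gap a dedicated cleaner is meant to fill.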

mansia commented 9 months ago

For me, with the variable MAIN_ALLOW_SVG_FILES_AS_IMAGES = 1 set, it's still not working in the last stable version (19).

choybe commented 9 months ago

@mansia +1