View Issue Details

Jump to NotesJump to History
This bug affects 2 person(s).
 16
IDProjectCategoryView StatusDate SubmittedLast Update
19792Bug reportsTheme editorpublic2024-10-07 11:362025-01-15 13:07
ReporterOMdev Assigned Totibor.pacalat  
PrioritynoneSeveritytweak 
Status feedbackResolutionopen 
Product Version6.5.x 
Summary19792: We upload the SVG file into the template, but it will not be reflected in the dropdown.
Description

We upload the SVG file into the template , but it will not be reflected in the dropdown.

Steps To Reproduce

Steps to reproduce

1. Take the vanilla template and extend it.
2. Upload the SVG file.
3. When we try to change the logo, the SVG file is not shown in the dropdown.

Expected result

When we upload an SVG file, it will show in the dropdown.

Actual result

When we upload an SVG file, it will show in the dropdown.
TagsNo tags attached.
Attached Files
1.png (7,570 bytes)   
1.png (7,570 bytes)   
Bug heat16
Complete LimeSurvey version number (& build)Version 6.5.9+240521
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & versionNA
Server OS (if known)
Webserver software & version (if known)
PHP VersionNA

Users monitoring this issue

tassoman, OMdev

Activities

DenisChenu

DenisChenu

2024-10-07 11:51

developer   ~81174

Due to potential security issue SVG theme upload are disable by default.
You need to allow it manually via config.php file

https://github.com/LimeSurvey/LimeSurvey/blob/bbdb4dfa8ec79774660973280dff7abb7dbbae0f/application/config/config-defaults.php#L98
https://github.com/LimeSurvey/LimeSurvey/blob/bbdb4dfa8ec79774660973280dff7abb7dbbae0f/application/config/config-defaults.php#L100

Maybe an issue for manual ?
Ping @tibor.pacalat
DenisChenu

DenisChenu

2024-10-07 11:52

developer   ~81175

Move it to manual/documentation issue ?

https://manual.limesurvey.org/index.php?search=SVG
DenisChenu

DenisChenu

2024-10-07 11:54

developer   ~81176

Or maybe :

Steps :

  1. Take the vanilla template and extend it.
  2. Upload the SVG file.

Expected result

Show n error or warning
tassoman

tassoman

2025-01-14 16:16

reporter   ~81813

by using {{ image('files/img.svg') }} you get back empty string. I guess is the same issue. Also {{ imageSrc() }} is not working with SVG files.
Why should be svg insecure as logo / template file? (ok for regular upload)

https://github.com/LimeSurvey/LimeSurvey/blob/bbdb4dfa8ec79774660973280dff7abb7dbbae0f/application/core/LSYii_ImageValidator.php#L56-L65
tassoman

tassoman

2025-01-14 16:24

reporter   ~81814

I whitelisted svg in config and {{ imageSrc() }} started working. I lost one day debugging this undocumented issue.

When file is SVG, {{ image() }} should render as

            <svg >
                <use xlink:href="{{ imageSrc() }}"></use>
            </svg>
DenisChenu

DenisChenu

2025-01-14 16:46

developer   ~81815

by using {{ image('files/img.svg') }} you get back empty string. I guess is the same issue. Also {{ imageSrc() }} is not working with SVG files.

Yes still undocumented https://www.limesurvey.org/manual/index.php?search=SVG

Added : https://www.limesurvey.org/manual/Optional_settings#Allowed_file_upload
tassoman

tassoman

2025-01-14 17:48

reporter   ~81816

Added : https://www.limesurvey.org/manual/Optional_settings#Allowed_file_upload

I contributed with a few lines. I also added notes in twig theming documentation https://www.limesurvey.org/manual/Theme_editor_-_Available_Twig_functions#Image_and_file_source
tibor.pacalat

tibor.pacalat

2025-01-14 17:50

administrator   ~81817

Thank you both! Is there still something to be done for this issue, or I can close it?
DenisChenu

DenisChenu

2025-01-15 13:07

developer   ~81825

Why not move to issue with :

  1. show a proper error if file type is invalid
  2. AND/OR Restrict input file to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#limiting_accepted_file_types ?

Issue History

Date Modified Username Field Change
2024-10-07 11:36 OMdev New Issue
2024-10-07 11:36 OMdev File Added: 1.png
2024-10-07 11:51 DenisChenu Note Added: 81174
2024-10-07 11:51 DenisChenu Bug heat 0 => 2
2024-10-07 11:52 DenisChenu Assigned To => tibor.pacalat
2024-10-07 11:52 DenisChenu Status new => feedback
2024-10-07 11:52 DenisChenu Note Added: 81175
2024-10-07 11:54 DenisChenu Note Added: 81176
2024-10-07 12:02 OMdev Issue Monitored: OMdev
2024-10-07 12:02 OMdev Bug heat 2 => 4
2025-01-14 16:16 tassoman Note Added: 81813
2025-01-14 16:16 tassoman Bug heat 4 => 6
2025-01-14 16:24 tassoman Note Added: 81814
2025-01-14 16:28 tassoman Issue Monitored: tassoman
2025-01-14 16:28 tassoman Bug heat 6 => 14
2025-01-14 16:46 DenisChenu Note Added: 81815
2025-01-14 17:48 tassoman Note Added: 81816
2025-01-14 17:50 tibor.pacalat Note Added: 81817
2025-01-14 17:50 tibor.pacalat Bug heat 14 => 16
2025-01-15 13:07 DenisChenu Note Added: 81825