From d41a8be8fa6f412ba6f2608141cbda5fb20f093e Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Tue, 3 Sep 2019 12:18:20 -0600
Subject: [PATCH] Sanitize Page Media
---
 CHANGELOG.md | 3 ++-
 classes/plugin/AdminController.php | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9129a3ce..fa6d39a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,8 @@
 ## mm/dd/2019
 
 1. [](#new)
- * Add ability to Sanitize SVGs on upload
+ * Add ability to Sanitize SVGs on file upload
+ * Add ability to Sanitize SVGs in Page media
 
 # v1.10.0-beta.7
 ## 08/30/2019
diff --git a/classes/plugin/AdminController.php b/classes/plugin/AdminController.php
index 22b4dda9..6fcc1a23 100644
--- a/classes/plugin/AdminController.php
+++ b/classes/plugin/AdminController.php
@@ -2087,7 +2087,6 @@ class AdminController extends AdminBaseController
 return false;
 }
 
-
 $media = $this->getMedia();
 if (!$media) {
 $this->admin->json_response = [
@@ -2105,6 +2104,11 @@ class AdminController extends AdminBaseController
 $path = $locator->findResource($path, true, true);
 }
 
+ // Special Sanitization for SVG
+ if (Utils::contains($extension, 'svg', false)) {
+ Security::sanitizeSVG($_FILES['file']['tmp_name']);
+ }
+
 // Upload it
 if (!move_uploaded_file($_FILES['file']['tmp_name'], sprintf('%s/%s', $path, $filename))) {
 $this->admin->json_response = [
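Review bot: Nothing in the added block checks what `Security::sanitizeSVG()` did before the code falls through to `move_uploaded_file()`, so if the sanitizer cannot parse the file, or is switched off by configuration (its body is not on this page), the original SVG is stored in page media exactly as uploaded. Failing closed would be safer: have `sanitizeSVG()` report failure and answer with the same kind of `json_response` error used for the other upload failures instead of moving the file. The match `Utils::contains($extension, 'svg', false)` is a substring test on a value set outside this hunk, so it presumably also catches names such as `svgz`; a comment stating the intent, e.g. `// Matches any extension containing "svg"; sanitize before the file reaches the media folder`, would make that explicit. The enclosing method starts and ends outside the hunk.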