Changeset 14328 in josm for trunk/src/com/kitfox/svg/ImageSVG.java

Timestamp:

2018-10-14T15:15:50+02:00 (7 years ago)

Author:

Don-vip

Message:

see #14319, see #16838 - update to svgSalamander 1.1.2

File:

• trunk/src/com/kitfox/svg/ImageSVG.java (modified) (3 diffs)

trunk/src/com/kitfox/svg/ImageSVG.java

@@ -115 +115 @@
             {
                 URI src = sty.getURIValue(getXMLBase());
-                // CVE-2017-5617: Allow only data scheme
                 if ("data".equals(src.getScheme()))
                 {
                     imageSrc = new URL(null, src.toASCIIString(), new Handler());
                 }
+                else 
+                {
+                    if (!diagram.getUniverse().isImageDataInlineOnly())
+                    {
+                        try
+                        {
+                            imageSrc = src.toURL();
+                        } catch (Exception e)
+                        {
+                            Logger.getLogger(SVGConst.SVG_LOGGER).log(Level.WARNING,
+                                "Could not parse xlink:href " + src, e);
+                            imageSrc = null;
+                        }
+                    }
+                }
             }
         } catch (Exception e)
@@ -126 +140 @@
         }
 
-        if (imageSrc != null)
-        {
-            diagram.getUniverse().registerImage(imageSrc);
-
-            //Set widths if not set
-            BufferedImage img = diagram.getUniverse().getImage(imageSrc);
-            if (img == null)
-            {
-                xform = new AffineTransform();
-                bounds = new Rectangle2D.Float();
-                return;
-            }
-
-            if (width == 0)
-            {
-                width = img.getWidth();
-            }
-            if (height == 0)
-            {
-                height = img.getHeight();
-            }
-
-            //Determine image xform
+        diagram.getUniverse().registerImage(imageSrc);
+
+        //Set widths if not set
+        BufferedImage img = diagram.getUniverse().getImage(imageSrc);
+        if (img == null)
+        {
             xform = new AffineTransform();
-            xform.translate(this.x, this.y);
-            xform.scale(this.width / img.getWidth(), this.height / img.getHeight());
-        }
+            bounds = new Rectangle2D.Float();
+            return;
+        }
+
+        if (width == 0)
+        {
+            width = img.getWidth();
+        }
+        if (height == 0)
+        {
+            height = img.getHeight();
+        }
+
+        //Determine image xform
+        xform = new AffineTransform();
+        xform.translate(this.x, this.y);
+        xform.scale(this.width / img.getWidth(), this.height / img.getHeight());
 
         bounds = new Rectangle2D.Float(this.x, this.y, this.width, this.height);
@@ -326 +337 @@
                 URI src = sty.getURIValue(getXMLBase());
 
-                URL newVal = null;
-                // CVE-2017-5617: Allow only data scheme
+                URL newVal;
                 if ("data".equals(src.getScheme()))
                 {
                     newVal = new URL(null, src.toASCIIString(), new Handler());
+                } else
+                {
+                    newVal = src.toURL();
                 }
 
-                if (newVal != null && !newVal.equals(imageSrc))
+                if (!newVal.equals(imageSrc))
                 {
                     imageSrc = newVal;