Fix problema di sicurezza upload file svg e xml

src/Models/Upload.php

@@ -206,7 +206,7 @@ class Upload extends Model
      */
     public function isImage()
     {
-        $list = ['jpg', 'png', 'gif', 'jpeg', 'bmp'];
+        $list = ['jpg', 'png', 'gif', 'jpeg', 'bmp', 'svg'];
 
         return in_array($this->extension, $list);
     }

view.php

@@ -29,6 +29,14 @@ if (empty($file)) {
 
 $link = base_path().'/'.$file->filepath;
 
+// Force download of the file
+if (get('force') == '1') {
+    header('Content-Type: application/octet-stream');
+    header("Content-Transfer-Encoding: Binary"); 
+    header("Content-disposition: attachment; filename=\"" . basename($file->original_name) . "\""); 
+    readfile($docroot.'/'.$file->filepath);
+    exit();
+} else {
     if ($file->isFatturaElettronica()) {
         $content = file_get_contents(base_dir().'/'.$file->filepath);
 
@@ -87,8 +95,9 @@ if ($file->isFatturaElettronica()) {
             }
 
             echo '
-    <iframe src="'.($link ?: $src).'">
+        <iframe src="'.base_path().'/view.php?file_id='.$file_id.'&force=1">
-        <a src="'.$link.'">'.tr('Il browser non supporta i contenuti iframe: clicca qui per raggiungere il file originale').'</a>
+            <a src="'.base_path().'/view.php?file_id='.$file_id.'&force=1">'.tr('Il browser non supporta i contenuti iframe: clicca qui per raggiungere il file originale').'</a>
         </iframe>';
         }
     }
+}