Skip to content

[Bug]: Incorrect validation for svg files #6843

Closed
#6844
Closed
[Bug]: Incorrect validation for svg files#6843
#6844
Labels
Status: New
@ufoloko

Description

@ufoloko
ufoloko
opened on Dec 10, 2025

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

Im trying to upload some svg files but im receiving error The content of 'XXXX.svg' is not valid.

Steps to reproduce?

1.- Create a little bit complex svg with linear gradient or radial gradient
2.- Try to upload file from file management module
3.- You will receive an error

Current Behavior

If svg is a little bit complex, with linear gradient or radial gradient for example, file is not allowed and you receive an error The content of 'file.svg' is not valid

Expected Behavior

It should be able to uplado any "real" svg files.

Relevant log output

2025-12-10 12:24:56.066-06:00 [condor1426][D:2][T:45][ERROR] DotNetNuke.Web.InternalServices.FileUploadController - DotNetNuke.Services.FileSystem.InvalidFileContentException: The content of 'BackTarjetasHome.svg' is not valid.  The file has not been added.
   at DotNetNuke.Services.FileSystem.FileManager.CheckFileWritingRestrictions(IFolderInfo folder, String fileName, Stream fileContent, IFileInfo oldFile, Int32 createdByUserId, Boolean ignoreWhiteList)
   at DotNetNuke.Services.FileSystem.FileManager.AddFile(IFolderInfo folder, String fileName, Stream fileContent, Boolean overwrite, Boolean checkPermissions, Boolean ignoreWhiteList, String contentType, Int32 createdByUserID)
   at DotNetNuke.Services.FileSystem.FileManager.AddFile(IFolderInfo folder, String fileName, Stream fileContent, Boolean overwrite, Boolean checkPermissions, String contentType, Int32 createdByUserID)
   at DotNetNuke.Web.InternalServices.FileUploadController.UploadFile(IHostSettings hostSettings, Stream stream, Int32 portalId, UserInfo userInfo, String folder, String filter, String fileName, Boolean overwrite, Boolean isHostPortal, Boolean extract, String validationCode)

Anything else?

After check the issue and the files involved, i found file SvgFileChecker.cs, specifically in line

Dnn.Platform/DNN Platform/Library/Services/FileSystem/Internal/SecurityCheckers/SvgFileChecker.cs

Line 17 in c78992a

private static readonly HashSet<string> AllowedSvgElements =
you have allowed svg elements, there you have elements like lineargradient and radialgradient (all lowercase) but generally image edition apps use linealGradient and radialGradient values (notice camel case). So for this reason files are not recognized as svg, because comparison with svg elements is case sensitive. I think some code should ignore case comparison.

Affected Versions

10.1.2 (latest v10 release)

What browsers are you seeing the problem on?

Chrome

Code of Conduct

  • I agree to follow this project's Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    Status: New

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions