Merge pull request #16021 from nextcloud/bugfix/noid/fall-back-to-black-for-non-color-values

Fall back to black for non-color values

core/Controller/SvgController.php

@@ -111,6 +111,7 @@ class SvgController extends Controller {
 	 *
 	 * @param string $path
 	 * @param string $color
+	 * @param string $fileName
 	 * @return DataDisplayResponse|NotFoundResponse
 	 */
 	private function getSvg(string $path, string $color, string $fileName) {

lib/private/Template/IconsCacher.php

@@ -184,6 +184,11 @@ class IconsCacher {
 	 * @return string
 	 */
 	public function colorizeSvg($svg, $color): string {
+		if (!preg_match('/^[0-9a-f]{3,6}$/i', $color)) {
+			// Prevent not-sane colors from being written into the SVG
+			$color = '000';
+		}
+
 		// add fill (fill is not present on black elements)
 		$fillRe = '/<((circle|rect|path)((?!fill)[a-z0-9 =".\-#():;,])+)\/>/mi';
 		$svg = preg_replace($fillRe, '<$1 fill="#' . $color . '"/>', $svg);