summaryrefslogtreecommitdiff
path: root/includes/upload
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2014-01-14 19:24:18 +0100
committerPierre Schmitz <pierre@archlinux.de>2014-01-14 19:24:18 +0100
commit224b22a051051f6c2e494c3a2fb4adb42898e2d1 (patch)
tree85a41a4cf8533bf740ec4c8d3affce88414daa56 /includes/upload
parent9937b8e6d6a8b4517c04c143daaf9ebd42ce8ba0 (diff)
Update to MediaWiki 1.22.1
Diffstat (limited to 'includes/upload')
-rw-r--r--includes/upload/UploadBase.php47
1 files changed, 38 insertions, 9 deletions
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 2260241d..916ad6c1 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -250,7 +250,7 @@ abstract class UploadBase {
/**
* @param string $srcPath the source path
- * @return string the real path if it was a virtual URL
+ * @return string|bool the real path if it was a virtual URL Returns false on failure
*/
function getRealPath( $srcPath ) {
wfProfileIn( __METHOD__ );
@@ -259,12 +259,15 @@ abstract class UploadBase {
// @todo just make uploads work with storage paths
// UploadFromStash loads files via virtual URLs
$tmpFile = $repo->getLocalCopy( $srcPath );
- $tmpFile->bind( $this ); // keep alive with $this
- wfProfileOut( __METHOD__ );
- return $tmpFile->getPath();
+ if ( $tmpFile ) {
+ $tmpFile->bind( $this ); // keep alive with $this
+ }
+ $path = $tmpFile ? $tmpFile->getPath() : false;
+ } else {
+ $path = $srcPath;
}
wfProfileOut( __METHOD__ );
- return $srcPath;
+ return $path;
}
/**
@@ -475,9 +478,10 @@ abstract class UploadBase {
return array( 'uploadscripted' );
}
if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
- if ( $this->detectScriptInSvg( $this->mTempPath ) ) {
+ $svgStatus = $this->detectScriptInSvg( $this->mTempPath );
+ if ( $svgStatus !== false ) {
wfProfileOut( __METHOD__ );
- return array( 'uploadscripted' );
+ return $svgStatus;
}
}
}
@@ -1158,8 +1162,33 @@ abstract class UploadBase {
* @return bool
*/
protected function detectScriptInSvg( $filename ) {
- $check = new XmlTypeCheck( $filename, array( $this, 'checkSvgScriptCallback' ) );
- return $check->filterMatch;
+ $check = new XmlTypeCheck(
+ $filename,
+ array( $this, 'checkSvgScriptCallback' ),
+ true,
+ array( 'processing_instruction_handler' => 'UploadBase::checkSvgPICallback' )
+ );
+ if ( $check->wellFormed !== true ) {
+ // Invalid xml (bug 58553)
+ return array( 'uploadinvalidxml' );
+ } elseif ( $check->filterMatch ) {
+ return array( 'uploadscripted' );
+ }
+ return false;
+ }
+
+ /**
+ * Callback to filter SVG Processing Instructions.
+ * @param $target string processing instruction name
+ * @param $data string processing instruction attribute and value
+ * @return bool (true if the filter identified something bad)
+ */
+ public static function checkSvgPICallback( $target, $data ) {
+ // Don't allow external stylesheets (bug 57550)
+ if ( preg_match( '/xml-stylesheet/i', $target) ) {
+ return true;
+ }
+ return false;
}
/**