summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/DefaultSettings.php2
-rw-r--r--includes/MimeMagic.php18
-rw-r--r--includes/upload/UploadBase.php15
3 files changed, 27 insertions, 8 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 850c2cfb..4eb979ac 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration;
* MediaWiki version number
* @since 1.2
*/
-$wgVersion = '1.22.7';
+$wgVersion = '1.22.8';
/**
* Name of the site. It must be changed in LocalSettings.php
diff --git a/includes/MimeMagic.php b/includes/MimeMagic.php
index 8220e92f..9180218b 100644
--- a/includes/MimeMagic.php
+++ b/includes/MimeMagic.php
@@ -570,20 +570,30 @@ class MimeMagic {
* @param string $file
* @param mixed $ext
* @return bool|string
+ * @throws MWException
*/
private function doGuessMimeType( $file, $ext ) { // TODO: remove $ext param
// Read a chunk of the file
wfSuppressWarnings();
- // @todo FIXME: Shouldn't this be rb?
- $f = fopen( $file, 'rt' );
+ $f = fopen( $file, 'rb' );
wfRestoreWarnings();
if ( !$f ) {
return 'unknown/unknown';
}
+
+ $fsize = filesize( $file );
+ if ( $fsize === false ) {
+ return 'unknown/unknown';
+ }
+
$head = fread( $f, 1024 );
- fseek( $f, -65558, SEEK_END );
- $tail = fread( $f, 65558 ); // 65558 = maximum size of a zip EOCDR
+ $tailLength = min( 65558, $fsize ); // 65558 = maximum size of a zip EOCDR
+ if ( fseek( $f, -1 * $tailLength, SEEK_END ) === -1 ) {
+ throw new MWException(
+ "Seeking $tailLength bytes from EOF failed in " . __METHOD__ );
+ }
+ $tail = fread( $f, $tailLength );
fclose( $f );
wfDebug( __METHOD__ . ": analyzing head and tail of $file for magic numbers.\n" );
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index c0c37b3f..40b3b19a 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1283,11 +1283,20 @@ abstract class UploadBase {
return true;
}
- # href with javascript target
- if ( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) {
- wfDebug( __METHOD__ . ": Found script in href attribute '$attrib'='$value' in uploaded file.\n" );
+ # href with non-local target (don't allow http://, javascript:, etc)
+ if ( $stripped == 'href'
+ && strpos( $value, 'data:' ) !== 0
+ && strpos( $value, '#' ) !== 0
+ ) {
+ if ( !( $strippedElement === 'a'
+ && preg_match( '!^https?://!im', $value ) )
+ ) {
+ wfDebug( __METHOD__ . ": Found href attribute <$strippedElement "
+ . "'$attrib'='$value' in uploaded file.\n" );
+
return true;
}
+ }
# href with embedded svg as target
if ( $stripped == 'href' && preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) {