author | Arlo Breault <abreault@wikimedia.org> | 2023-04-28 19:00:50 -0400 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2023-06-30 15:46:54 +0000 |
commit | 50401b2c7e14f37f4743bd9f42eb2c434da858ee (patch) | |
tree | 48a057b8594ee571ff31bff19980fcf89daa6684 /includes/linker/Linker.php | |
parent | 4690431357bd8200bf9d17c2d99c16ee9c8b6ef8 (diff) | |
SECURITY: Move badFile lookup to Linker
CVE-2023-36674
Bug: T335612
Change-Id: I849d02f1d3dc9995353b7a9995601d214053dca3
Diffstat (limited to 'includes/linker/Linker.php')
-rw-r--r-- | includes/linker/Linker.php | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/includes/linker/Linker.php b/includes/linker/Linker.php
index 36ee07155af9..11283a285816 100644
--- a/includes/linker/Linker.php
+++ b/includes/linker/Linker.php
@@ -472,7 +472,10 @@ class Linker {
 $thumb = false;
 }
- if ( !$thumb || ( !$enableLegacyMediaDOM && $thumb->isError() ) ) {
+ $isBadFile = $file && $thumb &&
+ $parser->getBadFileLookup()->isBadFile( $title->getDBkey(), $parser->getTitle() );
+
+ if ( !$thumb || ( !$enableLegacyMediaDOM && $thumb->isError() ) || $isBadFile ) {
 $rdfaType = 'mw:Error ' . $rdfaType;
 $currentExists = $file && $file->exists();
 if ( $enableLegacyMediaDOM ) {
@@ -680,6 +683,7 @@ class Linker {
 $thumb = false;
 $noscale = false;
 $manualthumb = false;
+ $manual_title = '';
 $rdfaType = 'mw:File/Thumb';
 if ( !$exists ) {
@@ -765,6 +769,12 @@ class Linker {
 . "<div class=\"thumbinner\" style=\"width:{$outerWidth}px;\">";
 }
+ $isBadFile = $exists && $thumb && $parser &&
+ $parser->getBadFileLookup()->isBadFile(
+ $manualthumb ? $manual_title : $title->getDBkey(),
+ $parser->getTitle()
+ );
+
 if ( !$exists ) {
 $rdfaType = 'mw:Error ' . $rdfaType;
 $label = '';
@@ -775,10 +785,16 @@ class Linker {
 $title, $label, '', '', '', (bool)$time, $handlerParams, false
 );
 $zoomIcon = '';
- } elseif ( !$thumb || ( !$enableLegacyMediaDOM && $thumb->isError() ) ) {
+ } elseif ( !$thumb || ( !$enableLegacyMediaDOM && $thumb->isError() ) || $isBadFile ) {
 $rdfaType = 'mw:Error ' . $rdfaType;
 if ( $enableLegacyMediaDOM ) {
- $s .= wfMessage( 'thumbnail_error', '' )->escaped();
+ if ( !$thumb ) {
+ $s .= wfMessage( 'thumbnail_error', '' )->escaped();
+ } else {
+ $s .= self::makeBrokenImageLinkObj(
+ $title, '', '', '', '', (bool)$time, $handlerParams, true
+ );
+ }
 } else {
 if ( $thumb && $thumb->isError() ) {
 Assert::invariant(
@@ -786,8 +802,10 @@ class Linker {
 'Unknown MediaTransformOutput: ' . get_class( $thumb )
 );
 $label = $thumb->toText();
- } else {
+ } elseif ( !$thumb ) {
 $label = wfMessage( 'thumbnail_error', '' )->text();
+ } else {
+ $label = '';
 }
 $s .= self::makeBrokenImageLinkObj(
 $title, $label, '', '', '', (bool)$time, $handlerParams, true |
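Review bot: The new `$isBadFile` assignment in the -472 hunk carries no comment saying why the lookup now lives in the linker, although that is the whole point of the commit, and a later maintainer seeing what looks like a redundant render-time lookup may move it back out. Suggest `// Enforce the bad-file lookup at render time so callers cannot bypass it (CVE-2023-36674, T335612)` above the assignment, and the same comment on the matching `$isBadFile` in the -765 hunk. This hunk also calls `$parser->getBadFileLookup()` unguarded while the -765 hunk guards with `$parser &&`; if `$parser` is a required parameter of this method (the signature is outside the hunk) the asymmetry is fine, but a word explaining it would stop the two from drifting. The enclosing method starts and ends outside the hunk.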
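Review bot: The `$parser &&` guard in the -765 hunk's `$isBadFile` expression means a caller that passes no parser skips the bad-file check entirely and the image renders as if it were allowed; whether such a caller exists cannot be seen here, but the fallback to "not bad" is silent. Either document it with `// No parser available: bad-file lookup is skipped and the file is treated as allowed` or, when `$parser` is null, obtain the lookup from the service container (e.g. `MediaWikiServices::getInstance()->getBadFileLookup()`, if that accessor is available in this tree) so both paths are checked. The ternary also passes `$manual_title` where the other arm passes a DB-key string; if the manual-thumb branch (outside this hunk) assigns a Title object rather than a string, the two arms hand `isBadFile()` different types, which should be normalized or documented. The enclosing method continues outside the hunk.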
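Review bot: The inner `} else {` added under `if ( $enableLegacyMediaDOM )` in the -775 hunk is reachable only when `$isBadFile` is true (in legacy mode the `isError()` arm of the `elseif` is short-circuited and `!$thumb` is handled first), but nothing says so, and the output is an unlabelled broken-image link with no hint that a usable thumb was suppressed by policy. A comment such as `// Bad-file lookup hit: a thumb exists but policy forbids rendering it` on this `else`, and on the parallel `} else { $label = ''; }` added in the -786 hunk, would make the intent explicit. It is also worth confirming the empty label is deliberate rather than an omission, since the sibling `!$thumb` arm does emit `thumbnail_error`. The enclosing method's body starts and ends outside these hunks.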