| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
A constant is not a variable. The type is hard-coded via the value
and can never change. While the extra @var probably doesn't hurt much,
it's redundant and error-prone and can't provide any additional
information.
Change-Id: Iee1f36a1905d9b9c6b26d0684b7848571f0c1733
|
| |
|
|
|
| |
Bug: T353458
Change-Id: If0137003ab625017d322d57870448a02569668c3
|
| |
|
|
| |
Change-Id: I5629f91387f2ac453ee4341bfe4bba310bd52f03
|
| |
|
|
| |
Change-Id: Ic8c210e9223f93ecf66ad2e09de7838f0cd79f70
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Just methods where adding "static" to the declaration was enough, I
didn't do anything with providers that used $this.
Initially by search and replace. There were many mistakes which I
found mostly by running the PHPStorm inspection which searches for
$this usage in a static method. Later I used the PHPStorm "make static"
action which avoids the more obvious mistakes.
Bug: T332865
Change-Id: I47ed6692945607dfa5c139d42edbd934fa4f3a36
|
| |
|
|
|
|
|
|
| |
Inkscape has an attribute only-selected in it's namespace which
is not interpreted by browsers and should be safe upload.
Bug: T288186
Change-Id: I044f225aef813efc708eb96f588fc55733d165f3
|
| |
|
|
|
|
|
|
| |
Introduced in PHP 7.1. Because it's shorter and looks nice.
I used regex replacement.
Change-Id: I0555e199d126cd44501f859cb4589f8bd49694da
|
| |
|
|
| |
Change-Id: I1b0e8e2cf4d85ae5ce8ad090cfc47f5086350702
|
| |
|
|
|
|
|
|
|
| |
UTF-8 is a strict superset of us-ascii, so any us-ascii file is a valid
UTF-8 file. So therefore it should be a safe encoding to use as it does
not allow you to hide JavaScript, unlike with UTF-7.
Bug: T278386
Change-Id: I0e52120812e3a0bd5112fe2c240ebb2d5d00ebc7
|
| |
|
|
|
|
|
|
|
|
|
| |
There is a common and reasonable need for longer lines in tests.
The nudge for shorter lines doesn't seem valuable here. The natural
breaks will likely still fall in 80-100 given the enforced practice
for non-test code, e.g. whether through habit, or 80-100 column markers
in text editors, or the finite width of diff and code review
interfaces.
Change-Id: I879479e13551789a67624ce66f0946d2f185e6ee
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0
The following sniffs now pass and were enabled:
* Generic.ControlStructures.InlineControlStructure
* MediaWiki.PHPUnit.AssertCount.NotUsed
npm:
* svgo: 2.3.0 → 2.3.1
* https://npmjs.com/advisories/1754 (CVE-2021-33587)
Change-Id: I2a9bbee2fecbf7259876d335f565ece4b3622426
|
| |
|
|
| |
Change-Id: Ic663e81cca0bf007804a70772250914a85f1fef4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The InterwikiLoadPrefix hook isn't compatible with Parsoid, as it is
unidirectional and doesn't support enumerating all valid prefixes
(T270444). Set/reset $wgInterwikiCache to mock the interwiki table
for parserTests and other unit tests instead.
This is a soft deprecation, as the used-in-production
Extension:Interwiki still uses InterwikiLoadPrefix, although not in a
way that would break Parsoid (since $wgInterwikiCache is set in
production).
Bug: T270444
Change-Id: If2507017c99c4ee42c104a0890bc45a84d7239d5
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The name change happened some time ago, and I think its
about time to start using the name name!
(Done with a find and replace)
My personal motivation for doing this is that I have started
trying out vscode as an IDE for mediawiki development, and
right now it doesn't appear to handle php aliases very well
or at all.
Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Update the two "processing_instruction_handler" and
"external_dtd_handler" callbacks to use a syntax for the callback
that doesn't stuff the class name in a string, but actually
references the class.
* We don't need call_user_func() in modern PHP7 any more.
* Add and update a few type hints in UploadBase to make the code
easier explorable.
Change-Id: I0ab3cfbe4f0bf15b1da4ab10fd9ffc1986d968d0
|
| |
|
|
|
|
| |
Bug: T192167
Depends-On: I581e54278ac5da3f4e399e33f2c7ad468bae6b43
Change-Id: I3a21fb55db76bac51afdd399cf40ed0760e4f343
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allows uploaded files to include some HTML tag strings that were
previously forbidden in the first 1k or so of the file:
* <a href
* <img
* <pre
* <table
* <title
They are now allowed as long as the IE MIME type detection heuristic
would not change their types. This should reduce the number of false
positive checks in JPEGs with EXIF data with links.
Also deprecates $wgAllowTitlesInSVG and allows it by default.
This should still protect against malformed PNG attacks on old IE
versions, though false positive checks are conceivable on PNG files
containing comments very close to the beginning of the file.
Adds $wgVerifyMimeTypeIE config var to allow disabling the IE checks
entirely, if desired, but leaves it in place by default. These are
more conservative than the checks that were removed.
Added test cases for the old IE5/6 bug and the particular sort of
JPEG metadata that struck false positives previously.
Bug: T27707
Change-Id: I66642a74fce1a1894cad67d62b0da61020db469a
|
| |
|
|
|
|
|
|
|
|
|
| |
The filter attribute will often have things like filter="url( #foo )"
These local to the file filters in svgs should be fine (We already
disallow non-local xlink:href attributes on <filter> elements). In
fact, users can already do the exact same thing by doing:
style="filter: url( #foo )"
Bug: 67044
Change-Id: Ib25328c160c0d5ea7e01dc84616b76e1b9dcd0eb
|
| |
|
|
|
|
|
|
|
|
|
| |
file_get_contents() started supporting a negative offset in 7.1+. But
we really just want to start with 0.
Also fix the order of arguments to assertSame() so that the expected
value is first.
Bug: T182366
Change-Id: I84c92652de5b51a43f6e2b58cd235d2889093453
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up use of @codingStandardsIgnore
- @codingStandardsIgnoreFile -> phpcs:ignoreFile
- @codingStandardsIgnoreLine -> phpcs:ignore
- @codingStandardsIgnoreStart -> phpcs:disable
- @codingStandardsIgnoreEnd -> phpcs:enable
For phpcs:disable always the necessary sniffs are provided.
Some start/end pairs are changed to line ignore
Change-Id: I92ef235849bcc349c69e53504e664a155dd162c8
|
| |
|
|
| |
Change-Id: I7e65c1734aef01cd6395ee65204a0158d1635b0c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only allow ENTITY declarations inside the doctype internal
subset. Do not allow parameter entities, recursive entity
references are entity values longer than 255 bytes, or
external entity references. Filter external doctype subset
to only allow the standard svg doctypes.
Recursive entities that are simple aliases are allowed
because people appear to use them on commons. Declaring
xmlns:xlink to have a #FIXED value to the xlink namespace
is allowed because GraphViz apparently does that so its
somewhat common.
This prevents someone bypassing filter by using default
attribute values in internal dtd subset. No browser loads
the external dtd subset that I could find, but whitelist
just to be safe anyways.
Issue reported by Cassiogomes11.
Bug: T151735
Change-Id: I7cb4690f759ad97e70e06e560978b6207d84c446
|
| |
|
|
|
|
|
| |
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: I46261416f7603558dceb76ebe695a5cac274e417
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link.
Also update some defect links.
Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inkscape mangles namespace definitions created by Adobe Illustrator
(apparently it can't parse custom entities or something, maybe just
in 'xmlns' attributes). These files are still valid SVG, and not
a security issue (although Illustrator probably won't like them),
so it's okay to allow them.
Added tests with some example files.
* buggynamespace-original.svg
File generated by Illustrator (edited by hand to reduce filesize).
Based on <https://commons.wikimedia.org/w/?curid=16495597>.
* buggynamespace-okay.svg
The original file, opened and saved in Inkscape (no other changes).
* buggynamespace-okay2.svg
The original file, opened and saved in Inkscape twice.
* buggynamespace-bad.svg
The original file, edited by hand to remove custom entities.
This is not valid XML and should be rejected (although it's valid
when parsed as HTML, and some image viewers might display it).
* buggynamespace-evilhtml.svg
An SVG file using an entity declared namespace for a namespace
we want to ban. Based on buggynamespace-original.svg.
Bug: T144827
Change-Id: I0eb9766cab86a58d729f10033c64f57d2076d917
|
| |
|
|
|
|
|
|
|
| |
The check is meant to prevent weird encodings like UTF-7 or HZ.
Encodings like the WINDOWS-125X family which are extensions of ascii
are safe. Additionally people still use windows-1252 on rare occasion.
Bug: T72937
Change-Id: I6cd63274cc04a7fca3afd244b4122ea64042dced
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add slash and backslash ('/' and '\') to $wgIllegalFileChars.
* Replace illegal chars before removing paths in wfStripIllegalFilenameChars().
This way users trying to upload a file with slashes in the name will
get a better filename suggestion (e.g. for 'Foo part 1/3.jpg', you
previously got '3.jpg', now you'll get 'Foo part 1-3.jpg'). Uploading
tools that don't special-case slashes will also behave better.
Change-Id: Ib78f48a5f8c92e8ab2dc773ea6789b96b3662177
|
| |
|
|
|
|
|
|
|
|
|
| |
SVG filter incorrectly used the m modifier when checking if an href
attribute started with 'https?://', incorrectly matching attributes
such as, "javascript:alert(' http://foo')".
Bug: T122653
Change-Id: I41291fff344241cad3171f3e8050de99b62a2296
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
|
| |
|
|
| |
Change-Id: I76a7259ed952a0673a1941f08b39b545211fba07
|
| |
|
|
|
|
|
|
|
|
| |
Per wikitech-l consensus:
https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html
Notes:
* Disabled CallTimePassByReference due to false positives (T127163)
Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
|
| |
|
|
|
|
|
| |
The double empty newline is not needed between functions, variable or at
end of file
Change-Id: Ib866a95084c4601ac150a2b402cfa184ebc18afa
|
| |
|
|
|
| |
Bug: T102614
Change-Id: Iee3df5f064f595ecebe8210cc936bc3d20a122c9
|
| |
|
|
|
|
|
|
|
|
|
|
| |
XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.
Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
|
| |
|
|
|
|
|
|
| |
The blacklist should prevent animating any element's xlink:href to a
javascript url.
Bug: T86711
Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
|
| |
|
|
|
|
|
|
| |
Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.
Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
|
| |
|
|
|
|
|
|
|
|
|
|
| |
@import in embedded CSS is case-insensitive, meaning
an attacker can put "@iMpOrT" and it should still
work.
This uses stripos instead of strpos to make the check
case insensitive.
Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use MediaWikiTestCase::getNewTempFile and getNewTempDirectory
instead of wfTempDir().
The upload api tests wrote a tempnam() file directly (where
wfTempDir() is typically shared with other systems and concurrent
runs). Use MediaWikiTestCase::getNewTempFile and
getNewTempDirectory instead.
This also ensures its removal by the teardown handler without
needing manual unlink() calls. And it doesn't rely on the test
passing. (Many unlink calls where at the bottom of tests,
which wouldn't be reached in case of failure).
* For the upload test, the presistent storing of
'Oberaargletscher_from_Oberaar.jpg' (downloaded from Commons)
was removed. Note that this didn't work for Jenkins builds anyway
as Jenkins builds set $wgTmpDirectory to a unique directory
in tmpfs associated with an individual build.
* For filebackend tests, moved directory creation from the dataProvider
to the main test.
Implemented addTmpFiles() to allow subclasses to register
additional files (created by other means) to be cleaned up also.
Removed unused $tmpName and $toPath parameters in data
provider for FileBackendTest::testStore. And fixed weird double
$op2 variable name to be called $op3.
* Skipped parserTest.inc, MockFileBackend.php, and
UploadFromUrlTestSuite.php as those don't use MediaWikiTestCase.
Change-Id: Ic7feb06ef0c1006eb99485470a1a59419f972545
|
| |
|
|
|
|
|
|
|
|
|
| |
Abstracts the logic for restoration into the built-in teardown()
handler.
Also purify the test configuration by setting wgHooks and
wgFileExtensions to otherwise empty arrays instead of extending
existing ones.
Change-Id: Ied65ee62f658dd650c603a54e72cd19965867a8f
|
| |
|
|
|
|
|
|
|
|
| |
* Filter <style> elements
* Normalize style elements and attributes before filtering
* Add checks for attributes that contain css
* Add unit tests for html5sec and reported bugs
Bug:69008
Change-Id: I732eece710f1bfaaeea1e5de541fcd4cfb375de7
|
| |
|
|
|
|
|
|
| |
- Removed trailing spaces in comments
- Removed multiple empty lines
- Removed space after object operator
Change-Id: I9fd3256ab490c7cd2034de3fd94e6be6e6d6d8f2
|
| |
|
|
| |
Change-Id: Iff3af78e9b41c445b7f066b6c0d0f4a87d2d6c4e
|
|
|
And renamed the inner class name.
Change-Id: I2ed94a61214439d5c70d04bd1dbddd68754b595e
|
