From 4fd1f42d0b8f61fa970a5e1dbb37a0979a11e537 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Mon, 1 Aug 2016 08:01:46 +0000
Subject: [PATCH] Allow SVGs encoded as WINDOWS-125[0-8].

The check is meant to prevent weird encodings like UTF-7 or HZ. Encodings like the WINDOWS-125X family which are extensions of ascii are safe. Additionally people still use windows-1252 on rare occasion.

Bug: T72937
Change-Id: I6cd63274cc04a7fca3afd244b4122ea64042dced
---
 includes/upload/UploadBase.php | 11 ++++++++++-
 .../phpunit/includes/upload/UploadBaseTest.php | 17 +++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 71d032fb86..f4bb7ec212 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -53,7 +53,16 @@ abstract class UploadBase {
 'ISO-8859-1',
 'ISO-8859-2',
 'UTF-16',
- 'UTF-32'
+ 'UTF-32',
+ 'WINDOWS-1250',
+ 'WINDOWS-1251',
+ 'WINDOWS-1252',
+ 'WINDOWS-1253',
+ 'WINDOWS-1254',
+ 'WINDOWS-1255',
+ 'WINDOWS-1256',
+ 'WINDOWS-1257',
+ 'WINDOWS-1258',
 ];
 const SUCCESS = 0;
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php
index de6c4120a6..3debe6e198 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -396,6 +396,23 @@ class UploadBaseTest extends MediaWikiTestCase {
 ];
 // @codingStandardsIgnoreEnd
 }
+
+ /**
+ * @dataProvider provideCheckXMLEncodingMissmatch
+ */
+ public function testCheckXMLEncodingMissmatch( $fileContents, $evil ) {
+ $filename = $this->getNewTempFile();
+ file_put_contents( $filename, $fileContents );
+ $this->assertSame( UploadBase::checkXMLEncodingMissmatch( $filename ), $evil );
+ }
+
+ public function provideCheckXMLEncodingMissmatch() {
+ return [
+ [ '', true ],
+ [ '', false ],
+ [ '', false ],
+ ];
+ }
 }
 class UploadTestHandler extends UploadBase {
--
2.20.1
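Review bot: The new `WINDOWS-125x` entries in `includes/upload/UploadBase.php` carry no comment stating the criterion for membership in this list, and the reason given in the commit message (extensions of ASCII, unlike UTF-7 or HZ) is what a later editor needs to know before adding another name. I would add above the new entries `// Windows-125x code pages are extensions of ASCII, so they are safe here, unlike UTF-7 or HZ`. The array declaration and the code that compares a declared encoding against it are outside the hunk, so it is not visible whether that comparison normalises case; if it does not, the lowercase spelling `windows-1252` used in the commit message would still be rejected.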
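Review bot: In `testCheckXMLEncodingMissmatch` the arguments to `assertSame` are reversed: PHPUnit takes the expected value first, so a failing case would report the function's result as the expectation. Swap them to `$this->assertSame( $evil, UploadBase::checkXMLEncodingMissmatch( $filename ) );`. The docblock would also benefit from `@covers UploadBase::checkXMLEncodingMissmatch` next to the `@dataProvider` line, and each row in `provideCheckXMLEncodingMissmatch` from a short trailing comment naming the declared encoding under test and why it is expected to be accepted or rejected.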