From d1bbbe61c4d613b15c704ac14a9aa104445a052a Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Fri, 3 Oct 2014 11:36:19 -0400
Subject: [PATCH] Don't try to verify XML well-formedness for partial SVG
 uploads

Chunked uploads of SVGs are currently failing with "invalid XML" errors
because UploadBase::detectScriptInSvg() requires the full file but is
being called from UploadBase::verifyPartialFile().

So let's do the check twice: once in UploadBase::verifyPartialFile()
where it will pass if non-well-formed, and once in
UploadBase::verifyFile() where it will fail if non-well-formed.

Bug: 65724
Change-Id: I6126e185eb4b183c31946f13c576521f1ed19c16
---
 includes/upload/UploadBase.php | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index b3404dcc83..808b323da8 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -424,7 +424,7 @@ abstract class UploadBase {
 	 * @return mixed True of the file is verified, array otherwise.
 	 */
 	protected function verifyFile() {
-		global $wgVerifyMimeType;
+		global $wgVerifyMimeType, $wgDisableUploadScriptChecks;
 		wfProfileIn( __METHOD__ );
 
 		$status = $this->verifyPartialFile();
@@ -446,6 +446,18 @@ abstract class UploadBase {
 			}
 		}
 
+		# check for htmlish code and javascript
+		if ( !$wgDisableUploadScriptChecks ) {
+			if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
+				$svgStatus = $this->detectScriptInSvg( $this->mTempPath, false );
+				if ( $svgStatus !== false ) {
+					wfProfileOut( __METHOD__ );
+
+					return $svgStatus;
+				}
+			}
+		}
+
 		$handler = MediaHandler::getHandler( $mime );
 		if ( $handler ) {
 			$handlerStatus = $handler->verifyUpload( $this->mTempPath );
@@ -504,7 +516,7 @@ abstract class UploadBase {
 				return array( 'uploadscripted' );
 			}
 			if ( $this->mFinalExtension == 'svg' || $mime == 'image/svg+xml' ) {
-				$svgStatus = $this->detectScriptInSvg( $this->mTempPath );
+				$svgStatus = $this->detectScriptInSvg( $this->mTempPath, true );
 				if ( $svgStatus !== false ) {
 					wfProfileOut( __METHOD__ );
 
@@ -1274,9 +1286,10 @@ abstract class UploadBase {
 
 	/**
 	 * @param string $filename
+	 * @param bool $partial
 	 * @return mixed False of the file is verified (does not contain scripts), array otherwise.
 	 */
-	protected function detectScriptInSvg( $filename ) {
+	protected function detectScriptInSvg( $filename, $partial ) {
 		$this->mSVGNSError = false;
 		$check = new XmlTypeCheck(
 			$filename,
@@ -1286,7 +1299,8 @@ abstract class UploadBase {
 		);
 		if ( $check->wellFormed !== true ) {
 			// Invalid xml (bug 58553)
-			return array( 'uploadinvalidxml' );
+			// But only when non-partial (bug 65724)
+			return $partial ? false : array( 'uploadinvalidxml' );
 		} elseif ( $check->filterMatch ) {
 			if ( $this->mSVGNSError ) {
 				return array( 'uploadscriptednamespace', $this->mSVGNSError );
-- 
2.20.1