[lhc/web/wiklou.git] / tests / phpunit / includes / upload / UploadBaseTest.php
1 <?php
3 /**
4 * @group Upload
5 */
6 class UploadBaseTest extends MediaWikiTestCase {
8 /** @var UploadTestHandler */
9 protected $upload;
11 protected function setUp() {
12 parent::setUp();
14 $this->upload = new UploadTestHandler;
16 $this->setMwGlobals( 'wgHooks', [
17 'InterwikiLoadPrefix' => [
18 function ( $prefix, &$data ) {
19 return false;
20 }
21 ],
22 ] );
23 }
25 /**
26 * First checks the return code
27 * of UploadBase::getTitle() and then the actual returned title
28 *
29 * @dataProvider provideTestTitleValidation
30 * @covers UploadBase::getTitle
31 */
32 public function testTitleValidation( $srcFilename, $dstFilename, $code, $msg ) {
33 /* Check the result code */
34 $this->assertEquals( $code,
35 $this->upload->testTitleValidation( $srcFilename ),
36 "$msg code" );
38 /* If we expect a valid title, check the title itself. */
39 if ( $code == UploadBase::OK ) {
40 $this->assertEquals( $dstFilename,
41 $this->upload->getTitle()->getText(),
42 "$msg text" );
43 }
44 }
46 /**
47 * Test various forms of valid and invalid titles that can be supplied.
48 */
49 public static function provideTestTitleValidation() {
50 return [
51 /* Test a valid title */
52 [ 'ValidTitle.jpg', 'ValidTitle.jpg', UploadBase::OK,
53 'upload valid title' ],
54 /* A title with a slash */
55 [ 'A/B.jpg', 'B.jpg', UploadBase::OK,
56 'upload title with slash' ],
57 /* A title with illegal char */
58 [ 'A:B.jpg', 'A-B.jpg', UploadBase::OK,
59 'upload title with colon' ],
60 /* Stripping leading File: prefix */
61 [ 'File:C.jpg', 'C.jpg', UploadBase::OK,
62 'upload title with File prefix' ],
63 /* Test illegal suggested title (r94601) */
64 [ '%281%29.JPG', null, UploadBase::ILLEGAL_FILENAME,
65 'illegal title for upload' ],
66 /* A title without extension */
67 [ 'A', null, UploadBase::FILETYPE_MISSING,
68 'upload title without extension' ],
69 /* A title with no basename */
70 [ '.jpg', null, UploadBase::MIN_LENGTH_PARTNAME,
71 'upload title without basename' ],
72 /* A title that is longer than 255 bytes */
73 [ str_repeat( 'a', 255 ) . '.jpg', null, UploadBase::FILENAME_TOO_LONG,
74 'upload title longer than 255 bytes' ],
75 /* A title that is longer than 240 bytes */
76 [ str_repeat( 'a', 240 ) . '.jpg', null, UploadBase::FILENAME_TOO_LONG,
77 'upload title longer than 240 bytes' ],
78 ];
79 }
81 /**
82 * Test the upload verification functions
83 * @covers UploadBase::verifyUpload
84 */
85 public function testVerifyUpload() {
86 /* Setup with zero file size */
87 $this->upload->initializePathInfo( '', '', 0 );
88 $result = $this->upload->verifyUpload();
89 $this->assertEquals( UploadBase::EMPTY_FILE,
90 $result['status'],
91 'upload empty file' );
92 }
94 // Helper used to create an empty file of size $size.
95 private function createFileOfSize( $size ) {
96 $filename = $this->getNewTempFile();
98 $fh = fopen( $filename, 'w' );
99 ftruncate( $fh, $size );
100 fclose( $fh );
102 return $filename;
103 }
105 /**
106 * test uploading a 100 bytes file with $wgMaxUploadSize = 100
107 *
108 * This method should be abstracted so we can test different settings.
109 */
110 public function testMaxUploadSize() {
111 $this->setMwGlobals( [
112 'wgMaxUploadSize' => 100,
113 'wgFileExtensions' => [
114 'txt',
115 ],
116 ] );
118 $filename = $this->createFileOfSize( 100 );
119 $this->upload->initializePathInfo( basename( $filename ) . '.txt', $filename, 100 );
120 $result = $this->upload->verifyUpload();
122 $this->assertEquals(
123 [ 'status' => UploadBase::OK ],
124 $result
125 );
126 }
128 /**
129 * @dataProvider provideCheckSvgScriptCallback
130 */
131 public function testCheckSvgScriptCallback( $svg, $wellFormed, $filterMatch, $message ) {
132 list( $formed, $match ) = $this->upload->checkSvgString( $svg );
133 $this->assertSame( $wellFormed, $formed, $message );
134 $this->assertSame( $filterMatch, $match, $message );
135 }
137 public static function provideCheckSvgScriptCallback() {
138 // @codingStandardsIgnoreStart Generic.Files.LineLength
139 return [
140 // html5sec SVG vectors
141 [
142 '<svg xmlns=""><script>alert(1)</script></svg>',
143 true,
144 true,
145 'Script tag in svg ('
146 ],
147 [
148 '<svg xmlns=""><g onload="javascript:alert(1)"></g></svg>',
149 true,
150 true,
151 'SVG with onload property ('
152 ],
153 [
154 '<svg onload="javascript:alert(1)" xmlns=""></svg>',
155 true,
156 true,
157 'SVG with onload property ('
158 ],
159 [
160 '<svg xmlns=""> <a xmlns:xlink="" xlink:href="javascript:alert(1)"><rect width="1000" height="1000" fill="white"/></a> </svg>',
161 true,
162 true,
163 'SVG with javascript xlink ('
164 ],
165 [
166 '<svg xmlns="" xmlns:xlink=""><use xlink:href="data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/> </svg>',
167 true,
168 true,
169 'SVG with Opera image xlink ( - c)'
170 ],
171 [
172 '<svg xmlns="" xmlns:xlink=""> <animation xlink:href="javascript:alert(1)"/> </svg>',
173 true,
174 true,
175 'SVG with Opera animation xlink ( - a)'
176 ],
177 [
178 '<svg xmlns="" xmlns:xlink=""> <animation xlink:href="data:text/xml,%3Csvg xmlns=\'\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
179 true,
180 true,
181 'SVG with Opera animation xlink ( - b)'
182 ],
183 [
184 '<svg xmlns="" xmlns:xlink=""> <image xlink:href="data:image/svg+xml,%3Csvg xmlns=\'\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
185 true,
186 true,
187 'SVG with Opera image xlink ( - c)'
188 ],
189 [
190 '<svg xmlns="" xmlns:xlink=""> <foreignObject xlink:href="javascript:alert(1)"/> </svg>',
191 true,
192 true,
193 'SVG with Opera foreignObject xlink ( - d)'
194 ],
195 [
196 '<svg xmlns="" xmlns:xlink=""> <foreignObject xlink:href="data:text/xml,%3Cscript xmlns=\'\'%3Ealert(1)%3C/script%3E"/> </svg>',
197 true,
198 true,
199 'SVG with Opera foreignObject xlink ( - e)'
200 ],
201 [
202 '<svg xmlns=""> <set attributeName="onmouseover" to="alert(1)"/> </svg>',
203 true,
204 true,
205 'SVG with event handler set ( - a)'
206 ],
207 [
208 '<svg xmlns=""> <animate attributeName="onunload" to="alert(1)"/> </svg>',
209 true,
210 true,
211 'SVG with event handler animate ( - a)'
212 ],
213 [
214 '<svg xmlns=""> <handler xmlns:ev="" ev:event="load">alert(1)</handler> </svg>',
215 true,
216 true,
217 'SVG with element handler ('
218 ],
219 [
220 '<svg xmlns="" xmlns:xlink=""> <feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/> </feImage> </svg>',
221 true,
222 true,
223 'SVG with href to data: url ('
224 ],
225 [
226 '<svg xmlns="" id="foo"> <x xmlns="" event="load" observer="foo" handler="data:image/svg+xml, alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>',
227 true,
228 true,
229 'SVG with Tiny handler ('
230 ],
231 [
232 '<svg xmlns=""> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/> </svg>',
233 true,
234 true,
235 'SVG with new CSS styles properties ('
236 ],
237 [
238 '<svg xmlns=""> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect clip-path="url(test3.svg#a)" /> </svg>',
239 true,
240 true,
241 'SVG with new CSS styles properties as attributes'
242 ],
243 [
244 '<svg xmlns=""> <a id="x"> <rect fill="white" width="1000" height="1000"/> </a> <rect fill="url(" /> </svg>',
245 true,
246 true,
247 'SVG with new CSS styles properties as attributes (2)'
248 ],
249 [
250 '<svg xmlns=""> <path d="M0,0" style="marker-start:url(test4.svg#a)"/> </svg>',
251 true,
252 true,
253 'SVG with path marker-start ('
254 ],
255 [
256 '<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]> <svg xmlns=""> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl=""> <xsl:template match="/"> <iframe xmlns="" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>',
257 true,
258 true,
259 'SVG with embedded stylesheet ('
260 ],
261 [
262 '<svg xmlns="" id="x"> <listener event="load" handler="#y" xmlns="" observer="x"/> <handler id="y">alert(1)</handler> </svg>',
263 true,
264 true,
265 'SVG with handler attribute ('
266 ],
267 [
268 // Haven't found a browser that accepts this particular example, but we
269 // don't want to allow embeded svgs, ever
270 '<svg> <image style=\'filter:url("data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ/YWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg==")\' /> </svg>',
271 true,
272 true,
273 'SVG with image filter via style ('
274 ],
275 [
276 // This doesn't seem possible without embedding the svg, but just in case
277 '<svg> <a xmlns:xlink="" xlink:href="?"> <circle r="400"></circle> <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="" /> </a></svg>',
278 true,
279 true,
280 'SVG with animate from ('
281 ],
282 [
283 '<svg xmlns="" xmlns:xlink=""> <a><text y="1em">Click me</text> <animate attributeName="xlink:href" values="javascript:alert(\'Bang!\')" begin="0s" dur="0.1s" fill="freeze" /> </a></svg>',
284 true,
285 true,
286 'SVG with animate xlink:href ('
287 ],
288 [
289 '<svg xmlns="" xmlns:y=""> <a y:href="#"> <text y="1em">Click me</text> <animate attributeName="y:href" values="javascript:alert(\'Bang!\')" begin="0s" dur="0.1s" fill="freeze" /> </a> </svg>',
290 true,
291 true,
292 'SVG with animate y:href ('
293 ],
295 // Other hostile SVG's
296 [
297 '<?xml version="1.0" encoding="UTF-8" standalone="no"?> <svg xmlns:xlink=""> <image xlink:href="" /> </svg>',
298 true,
299 true,
300 'SVG with non-local image href (bug 65839)'
301 ],
302 [
303 '<?xml version="1.0" ?> <?xml-stylesheet type="text/xsl" href="/w/index.php?title=User:Jeeves/test.xsl&amp;action=raw&amp;format=xml" ?> <svg> <height>50</height> <width>100</width> </svg>',
304 true,
305 true,
306 'SVG with remote stylesheet (bug 57550)'
307 ],
308 [
309 '<svg xmlns="" viewbox="-1 -1 15 15"> <rect y="0" height="13" width="12" stroke="#179" rx="1" fill="#2ac"/> <text x="1.5" y="11" font-family="courier" stroke="white" font-size="16"><![CDATA[B]]></text> <iframe xmlns="" srcdoc="&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x27;&#x58;&#x53;&#x53;&#x45;&#x44;&#x20;&#x3D;&#x3E;&#x20;&#x44;&#x6F;&#x6D;&#x61;&#x69;&#x6E;&#x28;&#x27;&#x2B;&#x74;&#x6F;&#x70;&#x2E;&#x64;&#x6F;&#x63;&#x75;&#x6D;&#x65;&#x6E;&#x74;&#x2E;&#x64;&#x6F;&#x6D;&#x61;&#x69;&#x6E;&#x2B;&#x27;&#x29;&#x27;&#x29;&#x3B;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;"></iframe> </svg>',
310 true,
311 true,
312 'SVG with rembeded iframe (bug 60771)'
313 ],
314 [
315 '<svg xmlns="" viewBox="6 3 177 153" xmlns:xlink=""> <style>@import url(";");</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold"></text> </g> </svg>',
316 true,
317 true,
318 'SVG with @import in style element (bug 69008)'
319 ],
320 [
321 '<svg xmlns="" viewBox="6 3 177 153" xmlns:xlink=""> <style>@import url(";");<foo/></style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold"></text> </g> </svg>',
322 true,
323 true,
324 'SVG with @import in style element and child element (bug 69008#c11)'
325 ],
326 [
327 '<svg xmlns="" viewBox="6 3 177 153" xmlns:xlink=""> <style>@imporT ";";</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold"></text> </g> </svg>',
328 true,
329 true,
330 'SVG with case-insensitive @import in style element (bug T85349)'
331 ],
332 [
333 '<svg xmlns=""> <rect width="100" height="100" style="background-image:url("/> </svg>',
334 true,
335 true,
336 'SVG with remote background image (bug 69008)'
337 ],
338 [
339 '<svg xmlns=""> <rect width="100" height="100" style="background-image:\55rl("/> </svg>',
340 true,
341 true,
342 'SVG with remote background image, encoded (bug 69008)'
343 ],
344 [
345 '<svg xmlns=""> <style> #a { background-image:\55rl(\'\'); } </style> <rect width="100" height="100" id="a"/> </svg>',
346 true,
347 true,
348 'SVG with remote background image, in style element (bug 69008)'
349 ],
350 [
351 // This currently doesn't seem to work in any browsers, but in case
352 // is implemented for SVG files
353 '<svg xmlns=""> <rect width="100" height="100" style="background-image:image(\'sprites.svg#xywh=40,0,20,20\')"/> </svg>',
354 true,
355 true,
356 'SVG with remote background image using image() (bug 69008)'
357 ],
358 [
359 // As reported by Cure53
360 '<svg xmlns="" xmlns:xlink=""> <a xlink:href="data:text/html;charset=utf-8;base64, PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D"> <circle r="400" fill="red"></circle> </a> </svg>',
361 true,
362 true,
363 'SVG with data:text/html link target (firefox only)'
364 ],
365 [
366 '<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "" [ <!ENTITY lol "lol"> <!ENTITY lol2 "&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x27;&#x58;&#x53;&#x53;&#x45;&#x44;&#x20;&#x3D;&#x3E;&#x20;&#x27;&#x2B;&#x64;&#x6F;&#x63;&#x75;&#x6D;&#x65;&#x6E;&#x74;&#x2E;&#x64;&#x6F;&#x6D;&#x61;&#x69;&#x6E;&#x29;&#x3B;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;"> ]> <svg xmlns="" width="68" height="68" viewBox="-34 -34 68 68" version="1.1"> <circle cx="0" cy="0" r="24" fill="#c8c8c8"/> <text x="0" y="0" fill="black">&lol2;</text> </svg>',
367 true,
368 true,
369 'SVG with encoded script tag in internal entity (reported by Beyond Security)'
370 ],
371 [
372 '<?xml version="1.0"?> <!DOCTYPE svg [ <!ENTITY foo SYSTEM "file:///etc/passwd"> ]> <svg xmlns="" version="1.1"> <desc>&foo;</desc> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)" /> </svg>',
373 false,
374 false,
375 'SVG with external entity'
376 ],
377 [
378 "<svg xmlns=\"\" xmlns:xlink=\"\"> <g> <a xlink:href=\"javascript:alert('1&#10;')\"> <rect width=\"300\" height=\"100\" style=\"fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)\" /> </a> </g> </svg>",
379 true,
380 true,
381 'SVG with javascript <a> link with newline (T122653)'
382 ],
383 // Test good, but strange files that we want to allow
384 [
385 '<svg xmlns="" xmlns:xlink=""> <g> <a xlink:href=""> <path transform="translate(0,496)" id="path6706" d="m 112.09375,107.6875 -5.0625,3.625 -4.3125,5.03125 -0.46875,0.5 -4.09375,3.34375 -9.125,5.28125 -8.625,-3.375 z" style="fill:#cccccc;fill-opacity:1;stroke:#6e6e6e;stroke-width:0.69999999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;display:inline" /> </a> </g> </svg>',
386 true,
387 false,
388 'SVG with <a> link to a remote site'
389 ],
390 [
391 '<svg> <defs> <filter id="filter6226" x="-0.93243687" width="2.8648737" y="-0.24250539" height="1.4850108"> <feGaussianBlur stdDeviation="3.2344681" id="feGaussianBlur6228" /> </filter> <clipPath id="clipPath2436"> <path d="M 0,0 L 0,0 L 0,0 L 0,0 z" id="path2438" /> </clipPath> </defs> <g clip-path="url(#clipPath2436)" id="g2460"> <text id="text2466"> <tspan>12345</tspan> </text> </g> <path style="fill:#346733;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:round;stroke-linejoin:bevel;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;filter:url(\'#filter6226\');fill-opacity:1;opacity:0.79807692" d="M 236.82371,332.63732 C 236.92217,332.63732 z" id="path5618" /> </svg>',
392 true,
393 false,
394 'SVG with local urls, including filter: in style'
395 ],
396 ];
397 // @codingStandardsIgnoreEnd
398 }
399 }
401 class UploadTestHandler extends UploadBase {
402 public function initializeFromRequest( &$request ) {
403 }
405 public function testTitleValidation( $name ) {
406 $this->mTitle = false;
407 $this->mDesiredDestName = $name;
408 $this->mTitleError = UploadBase::OK;
409 $this->getTitle();
411 return $this->mTitleError;
412 }
414 /**
415 * Almost the same as UploadBase::detectScriptInSvg, except it's
416 * public, works on an xml string instead of filename, and returns
417 * the result instead of interpreting them.
418 */
419 public function checkSvgString( $svg ) {
420 $check = new XmlTypeCheck(
421 $svg,
422 [ $this, 'checkSvgScriptCallback' ],
423 false,
424 [ 'processing_instruction_handler' => 'UploadBase::checkSvgPICallback' ]
425 );
426 return [ $check->wellFormed, $check->filterMatch ];
427 }
428 }