Allow SVGs encoded as WINDOWS-125[0-8].

The check is meant to prevent weird encodings like UTF-7 or HZ.
Encodings like the WINDOWS-125X family which are extensions of ascii
are safe. Additionally people still use windows-1252 on rare occasion.

Bug: T72937
Change-Id: I6cd63274cc04a7fca3afd244b4122ea64042dced

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 71d032f..f4bb7ec 100644 (file)
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -53,7 +53,16 @@ abstract class UploadBase {
                'ISO-8859-1',
                'ISO-8859-2',
                'UTF-16',
-               'UTF-32'
+               'UTF-32',
+               'WINDOWS-1250',
+               'WINDOWS-1251',
+               'WINDOWS-1252',
+               'WINDOWS-1253',
+               'WINDOWS-1254',
+               'WINDOWS-1255',
+               'WINDOWS-1256',
+               'WINDOWS-1257',
+               'WINDOWS-1258',
        ];
 
        const SUCCESS = 0;

diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php
index de6c412..3debe6e 100644 (file)
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -396,6 +396,23 @@ class UploadBaseTest extends MediaWikiTestCase {
                ];
                // @codingStandardsIgnoreEnd
        }
+
+       /**
+        * @dataProvider provideCheckXMLEncodingMissmatch
+        */
+       public function testCheckXMLEncodingMissmatch( $fileContents, $evil ) {
+               $filename = $this->getNewTempFile();
+               file_put_contents( $filename, $fileContents );
+               $this->assertSame( UploadBase::checkXMLEncodingMissmatch( $filename ), $evil );
+       }
+
+       public function provideCheckXMLEncodingMissmatch() {
+               return [
+                       [ '<?xml version="1.0" encoding="utf-7"?><svg></svg>', true ],
+                       [ '<?xml version="1.0" encoding="utf-8"?><svg></svg>', false ],
+                       [ '<?xml version="1.0" encoding="WINDOWS-1252"?><svg></svg>', false ],
+               ];
+       }
 }
 
 class UploadTestHandler extends UploadBase {