From 535725048df0f5174eeab056d23a3079ad1201f4 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Mon, 2 Jan 2012 03:15:42 +0000 Subject: [PATCH] (bug 31719) Revert r107359 and apply a proper solution for entity expansion in SVGs. --- RELEASE-NOTES-1.19 | 3 ++- includes/media/SVGMetadataExtractor.php | 12 +++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index 071c3e4efe..5855e3e465 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -197,7 +197,8 @@ production. cssText after DOM insertion. * (bug 30711) When adding a new section to a page with section=new, the text is now always added to the current version of the page -* (bug 31719) Recognize &ns_svg; as the svg namespace when extracting width +* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding + XML entities correctly. * (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens) should be loaded in for proper dependency resolution * (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded diff --git a/includes/media/SVGMetadataExtractor.php b/includes/media/SVGMetadataExtractor.php index 1da5b94af5..db9f05fd4b 100644 --- a/includes/media/SVGMetadataExtractor.php +++ b/includes/media/SVGMetadataExtractor.php @@ -36,7 +36,6 @@ class SVGReader { const DEFAULT_WIDTH = 512; const DEFAULT_HEIGHT = 512; const NS_SVG = 'http://www.w3.org/2000/svg'; - const ADOBE_SVG_ENTITY = '&ns_svg;'; private $reader = null; private $mDebug = false; @@ -69,6 +68,12 @@ class SVGReader { $this->reader->open( $source, null, LIBXML_NOERROR | LIBXML_NOWARNING ); } + // Expand entities, since Adobe Illustrator uses them for xmlns + // attributes (bug 31719). Note that libxml2 has some protection + // against large recursive entity expansions so this is not as + // insecure as it might appear to be. + $this->reader->setParserProperty( XMLReader::SUBST_ENTITIES, true ); + $this->metadata['width'] = self::DEFAULT_WIDTH; $this->metadata['height'] = self::DEFAULT_HEIGHT; @@ -103,10 +108,7 @@ class SVGReader { $keepReading = $this->reader->read(); } - # Note, entities not expanded in namespaceURI - bug 31719 - if ( $this->reader->localName != 'svg' || - ( $this->reader->namespaceURI != self::NS_SVG && - $this->reader->namespaceURI != self::ADOBE_SVG_ENTITY ) ) { + if ( $this->reader->localName != 'svg' || $this->reader->namespaceURI != self::NS_SVG ) { throw new MWException( "Expected tag, got ". $this->reader->localName . " in NS " . $this->reader->namespaceURI ); } -- 2.20.1