From: Brian Wolff Date: Mon, 1 Aug 2016 08:01:46 +0000 (+0000) Subject: Allow SVGs encoded as WINDOWS-125[0-8]. X-Git-Tag: 1.31.0-rc.0~6199^2 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/ajouter.php?a=commitdiff_plain;h=4fd1f42d0b8f61fa970a5e1dbb37a0979a11e537;p=lhc%2Fweb%2Fwiklou.git Allow SVGs encoded as WINDOWS-125[0-8]. The check is meant to prevent weird encodings like UTF-7 or HZ. Encodings like the WINDOWS-125X family which are extensions of ascii are safe. Additionally people still use windows-1252 on rare occasion. Bug: T72937 Change-Id: I6cd63274cc04a7fca3afd244b4122ea64042dced --- diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 71d032fb86..f4bb7ec212 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -53,7 +53,16 @@ abstract class UploadBase { 'ISO-8859-1', 'ISO-8859-2', 'UTF-16', - 'UTF-32' + 'UTF-32', + 'WINDOWS-1250', + 'WINDOWS-1251', + 'WINDOWS-1252', + 'WINDOWS-1253', + 'WINDOWS-1254', + 'WINDOWS-1255', + 'WINDOWS-1256', + 'WINDOWS-1257', + 'WINDOWS-1258', ]; const SUCCESS = 0; diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index de6c4120a6..3debe6e198 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -396,6 +396,23 @@ class UploadBaseTest extends MediaWikiTestCase { ]; // @codingStandardsIgnoreEnd } + + /** + * @dataProvider provideCheckXMLEncodingMissmatch + */ + public function testCheckXMLEncodingMissmatch( $fileContents, $evil ) { + $filename = $this->getNewTempFile(); + file_put_contents( $filename, $fileContents ); + $this->assertSame( UploadBase::checkXMLEncodingMissmatch( $filename ), $evil ); + } + + public function provideCheckXMLEncodingMissmatch() { + return [ + [ '', true ], + [ '', false ], + [ '', false ], + ]; + } } class UploadTestHandler extends UploadBase {