Avoid exposure of local path in PNG thumbnails

[lhc/web/wiklou.git] / includes / media / Bitmap.php

diff --git a/includes/media/Bitmap.php b/includes/media/Bitmap.php
index 1f00650..faf40b3 100644 (file)
--- a/includes/media/Bitmap.php
+++ b/includes/media/Bitmap.php
@@ -161,6 +161,8 @@ class BitmapHandler extends TransformationalImageHandler {
                        ( $params['comment'] !== ''
                                ? array( '-set', 'comment', $this->escapeMagickProperty( $params['comment'] ) )
                                : array() ),
+                       // T108616: Avoid exposure of local file path
+                       array( '+set', 'Thumb::URI' ),
                        array( '-depth', 8 ),
                        $sharpen,
                        array( '-rotate', "-$rotation" ),
@@ -299,7 +301,6 @@ class BitmapHandler extends TransformationalImageHandler {
         */
        protected function transformGd( $image, $params ) {
                # Use PHP's builtin GD library functions.
-               #
                # First find out what kind of file this is, and select the correct
                # input routine for this.
 
@@ -339,7 +340,9 @@ class BitmapHandler extends TransformationalImageHandler {
 
                $src_image = call_user_func( $loader, $params['srcPath'] );
 
-               $rotation = function_exists( 'imagerotate' ) && !isset( $params['disableRotation'] ) ? $this->getRotation( $image ) : 0;
+               $rotation = function_exists( 'imagerotate' ) && !isset( $params['disableRotation'] ) ?
+                       $this->getRotation( $image ) :
+                       0;
                list( $width, $height ) = $this->extractPreRotationDimensions( $params, $rotation );
                $dst_image = imagecreatetruecolor( $width, $height );