jenkins-bot has submitted this change and it was merged.

Change subject: Don't try to verify XML well-formedness for partial SVG uploads
......................................................................


Don't try to verify XML well-formedness for partial SVG uploads

Chunked uploads of SVGs are currently failing with "invalid XML" errors
because UploadBase::detectScriptInSvg() requires the full file but is
being called from UploadBase::verifyPartialFile().

So let's do the check twice: once in UploadBase::verifyPartialFile()
where it will pass if non-well-formed, and once in
UploadBase::verifyFile() where it will fail if non-well-formed.

Bug: 65724
Change-Id: I6126e185eb4b183c31946f13c576521f1ed19c16
---
M includes/upload/UploadBase.php
1 file changed, 18 insertions(+), 4 deletions(-)

Approvals:
  CSteipp: Looks good to me, but someone else must approve
  Aaron Schulz: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index b3404dc..808b323 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -424,7 +424,7 @@
         * @return mixed True of the file is verified, array otherwise.
         */
        protected function verifyFile() {
-               global $wgVerifyMimeType;
+               global $wgVerifyMimeType, $wgDisableUploadScriptChecks;
                wfProfileIn( __METHOD__ );
 
                $status = $this->verifyPartialFile();
@@ -443,6 +443,18 @@
                                wfProfileOut( __METHOD__ );
 
                                return array( 'filetype-mime-mismatch', 
$this->mFinalExtension, $mime );
+                       }
+               }
+
+               # check for htmlish code and javascript
+               if ( !$wgDisableUploadScriptChecks ) {
+                       if ( $this->mFinalExtension == 'svg' || $mime == 
'image/svg+xml' ) {
+                               $svgStatus = $this->detectScriptInSvg( 
$this->mTempPath, false );
+                               if ( $svgStatus !== false ) {
+                                       wfProfileOut( __METHOD__ );
+
+                                       return $svgStatus;
+                               }
                        }
                }
 
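Review bot: The comment on the added block, `# check for htmlish code and javascript`, does not say why verifyFile() scans the SVG again after verifyPartialFile() has already run at the top of the method. Per the commit message, this call (`detectScriptInSvg( $this->mTempPath, false )`) is the only one that rejects non-well-formed XML. A comment such as `# Re-check SVGs on the complete file: verifyPartialFile() tolerates malformed XML for chunks (bug 65724)` would keep it from being dropped later as a duplicate. It is also worth stating there that the whole block is skipped when `$wgDisableUploadScriptChecks` is set. verifyFile() starts and ends outside this hunk.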
@@ -504,7 +516,7 @@
                                return array( 'uploadscripted' );
                        }
                        if ( $this->mFinalExtension == 'svg' || $mime == 
'image/svg+xml' ) {
-                               $svgStatus = $this->detectScriptInSvg( 
$this->mTempPath );
+                               $svgStatus = $this->detectScriptInSvg( 
$this->mTempPath, true );
                                if ( $svgStatus !== false ) {
                                        wfProfileOut( __METHOD__ );
 
@@ -1274,9 +1286,10 @@
 
        /**
         * @param string $filename
+        * @param bool $partial
         * @return mixed False of the file is verified (does not contain 
scripts), array otherwise.
         */
-       protected function detectScriptInSvg( $filename ) {
+       protected function detectScriptInSvg( $filename, $partial ) {
                $this->mSVGNSError = false;
                $check = new XmlTypeCheck(
                        $filename,
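Review bot: The new `@param bool $partial` line has no description, although the flag decides whether a security check reports malformed XML. It should spell out both values, e.g. `@param bool $partial True if $filename may be an incomplete chunk; malformed XML is then not reported as an error`, and the `@return` text should note that `false` in partial mode does not mean the file was fully scanned. The parameter is also required with no default. Because the method is protected, a subclass still calling it with one argument would need updating, whereas `$partial = false` would keep the strict behaviour for such callers. The function body continues outside this hunk.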
@@ -1286,7 +1299,8 @@
                );
                if ( $check->wellFormed !== true ) {
                        // Invalid xml (bug 58553)
-                       return array( 'uploadinvalidxml' );
+                       // But only when non-partial (bug 65724)
+                       return $partial ? false : array( 'uploadinvalidxml' );
                } elseif ( $check->filterMatch ) {
                        if ( $this->mSVGNSError ) {
                                return array( 'uploadscriptednamespace', 
$this->mSVGNSError );
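Review bot: With `$partial` true, the early `return false` is taken before `$check->filterMatch` is looked at, so anything the filter flagged in the part of the document that did parse is discarded and the chunk is accepted. Whether XmlTypeCheck populates `filterMatch` on an aborted parse is not visible from this hunk. If it does, testing `$check->filterMatch` before `$check->wellFormed` would let the partial check in verifyPartialFile() (`detectScriptInSvg( $this->mTempPath, true )`) still reject scripts early. As written, rejection of a malformed SVG depends entirely on verifyFile() running on the assembled file before it is published. The `bug 65724` comment should say so, e.g. `// Partial files are re-checked strictly in verifyFile()`. The rest of detectScriptInSvg() lies outside the hunk.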

-- 
To view, visit https://gerrit.wikimedia.org/r/164569
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I6126e185eb4b183c31946f13c576521f1ed19c16
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Brian Wolff <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
