https://bugzilla.wikimedia.org/show_bug.cgi?id=60960
Andre Klapper <aklap...@wikimedia.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|Unprioritized               |Normal
            Summary|Vector Skin Not Displaying  |Vector Skin Not Displaying:
                   |                            |file_exists() doesn't
                   |                            |filter for "data:" URLs?

--- Comment #2 from Andre Klapper <aklap...@wikimedia.org> ---
MW 1.22.2
PHP 5.4.1
MySQL 5.5.24

Ciencia Al Poder commented on the Support Desk thread:

This seems to be a bug.

https://git.wikimedia.org/blob/mediawiki%2Fcore.git/REL1_22/includes%2Flibs%2FCSSMin.php#L76

It's looking for file_exists() based on the match of URL_REGEX, which only
takes into account all url() values in CSS, but it doesn't filter for data:
URL, which is unnecessarily feeding file_exists() for data: URLs that aren't
going to be found on the server.

In fact, I don't see any further validation on those paths, so I don't know if
a malicious CSS file can expose any file accessible from PHP.
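
An added example, not MediaWiki's CSSMin code and not part of the bug report: one way to filter url() references before any of them reaches the filesystem, skipping data: and other scheme URLs and confining the rest to a base directory. The function name localCssFiles, the simplified url() regex and the sample CSS are assumptions constructed for illustration.

```php
<?php
// Added example; not MediaWiki's CSSMin. Names and regexes are assumptions.

/** Map each url() reference in $css to a real file inside $baseDir. */
function localCssFiles(string $css, string $baseDir): array
{
    $base = realpath($baseDir);
    if ($base === false) {
        return [];
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Simplified url() matcher (assumption; not the project's URL_REGEX).
    preg_match_all('/url\(\s*[\'"]?([^\'")]+?)[\'"]?\s*\)/i', $css, $m);

    $files = [];
    foreach ($m[1] as $ref) {
        // data:, http:, file:, php: ... or protocol-relative //host:
        // never a file under $baseDir, so never hand it to the filesystem.
        if (preg_match('/^(?:[a-z][a-z0-9+.-]*:|\/\/)/i', $ref)) {
            continue;
        }
        // Strip query string and fragment before resolving.
        $path = preg_replace('/[?#].*$/', '', $ref);
        // realpath() resolves ../ and symlinks; false means no such file.
        $real = $path === '' ? false : realpath($prefix . $path);
        // Confinement: the resolved path must still start with the base dir.
        if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            continue;
        }
        if (is_file($real)) {
            $files[$ref] = $real;
        }
    }
    return $files;
}

// Constructed sample: one real image, one data: URL, one traversal, one remote.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cssdemo_' . getmypid();
mkdir($dir . '/images', 0700, true);
file_put_contents($dir . '/images/bg.png', 'x');
$css = <<<CSS
a { background: url(images/bg.png); }
b { background: url(data:image/png;base64,AAAA); }
c { background: url("../../outside.png"); }
d { background: url(//example.org/x.png); }
CSS;
print_r(array_keys(localCssFiles($css, $dir)));
```

The scheme check runs before any filesystem call, so a data: URL never reaches realpath() or is_file(); the prefix comparison on the resolved path is what rejects references that climb out of the base directory.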