author | Luke Shumaker <lukeshu@sbcglobal.net> | 2014-07-26 21:10:52 -0400 |
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2014-07-26 21:10:52 -0400 |
commit | be4fcbd51a4b134c7c9e3945f86295e33bbb45b6 (patch) | |
tree | e1bc6098e720429b75bd69e4566c39c7fb29aafe /includes/upload/UploadBase.php | |
parent | 68da4046dd3cbe1c3cccf4daa4a862594a01e80e (diff) | |
parent | f80b2307028ed4d9231a0bd46496b241dcf4aa5c (diff) |
Merge branch 'archwiki'
Diffstat (limited to 'includes/upload/UploadBase.php')
-rw-r--r-- | includes/upload/UploadBase.php | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index c0c37b3f..40b3b19a 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1283,11 +1283,20 @@ abstract class UploadBase {
 return true;
 }
- # href with javascript target
- if ( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) {
- wfDebug( __METHOD__ . ": Found script in href attribute '$attrib'='$value' in uploaded file.\n" );
+ # href with non-local target (don't allow http://, javascript:, etc)
+ if ( $stripped == 'href'
+ && strpos( $value, 'data:' ) !== 0
+ && strpos( $value, '#' ) !== 0
+ ) {
+ if ( !( $strippedElement === 'a'
+ && preg_match( '!^https?://!im', $value ) )
+ ) {
+ wfDebug( __METHOD__ . ": Found href attribute <$strippedElement "
+ . "'$attrib'='$value' in uploaded file.\n" );
+ return true;
 }
+ }
 # href with embedded svg as target
 if ( $stripped == 'href' && preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) {