author | Pierre Schmitz <pierre@archlinux.de> | 2014-06-26 05:36:14 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2014-06-26 05:36:14 +0200 |
commit | f80b2307028ed4d9231a0bd46496b241dcf4aa5c (patch) | |
tree | 304d10d899df0e72a16ea1c07b17c19e8b753467 /includes/upload/UploadBase.php | |
parent | 3d92394be2570f9f49c7904cacc2bc8d790e72f2 (diff) |
Update to MediaWiki 1.22.8
Diffstat (limited to 'includes/upload/UploadBase.php')
-rw-r--r-- | includes/upload/UploadBase.php | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index c0c37b3f..40b3b19a 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1283,11 +1283,20 @@ abstract class UploadBase {
 return true;
 }
- # href with javascript target
- if ( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) {
- wfDebug( __METHOD__ . ": Found script in href attribute '$attrib'='$value' in uploaded file.\n" );
+ # href with non-local target (don't allow http://, javascript:, etc)
+ if ( $stripped == 'href'
+ && strpos( $value, 'data:' ) !== 0
+ && strpos( $value, '#' ) !== 0
+ ) {
+ if ( !( $strippedElement === 'a'
+ && preg_match( '!^https?://!im', $value ) )
+ ) {
+ wfDebug( __METHOD__ . ": Found href attribute <$strippedElement "
+ . "'$attrib'='$value' in uploaded file.\n" );
+ return true;
 }
+ }
 # href with embedded svg as target
 if ( $stripped == 'href' && preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) { |
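Review bot: The `m` modifier in `preg_match( '!^https?://!im', $value )` lets `^` match after any newline inside the attribute value, so on an `<a>` element a multi-line href whose first line is something like `javascript:...` and whose later line begins with `http://` satisfies the allow condition and skips the `return true`. Whether the XML layer in front of this check can hand over an embedded newline (for instance via a character reference) is not visible from the hunk, but the anchor should not depend on that; use `preg_match( '!^https?://!i', $value )` so `^` only matches at the start of the string. The surrounding `data:` and `#` prefix tests are byte-exact and fail closed, which is the right direction, but a short comment stating that intent would help a maintainer, e.g. `# Anything else (relative URLs, http(s) on non-<a> elements, javascript:, case or whitespace variants) is rejected`. The enclosing method starts and ends outside this hunk.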