diff options
author | Pierre Schmitz <pierre@archlinux.de> | 2013-05-01 08:56:50 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2013-05-01 08:56:50 +0200 |
commit | cdafed9759bbff5952f09e5a3d866f24fba57104 (patch) | |
tree | 009e2e480b45e5cfd52051b964a60d52a2a7c6df /includes | |
parent | f7253921201bcf43d385440317ab279fb83a4658 (diff) |
Update to MediaWiki 1.20.5
Diffstat (limited to 'includes')
-rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
-rw-r--r-- | includes/GlobalFunctions.php | 2 | ||||
-rw-r--r-- | includes/Import.php | 2 | ||||
-rw-r--r-- | includes/media/SVGMetadataExtractor.php | 6 | ||||
-rw-r--r-- | includes/specials/SpecialChangePassword.php | 6 | ||||
-rw-r--r-- | includes/upload/UploadBase.php | 67 |
6 files changed, 79 insertions, 6 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index ed566b3b..6abc2b10 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -59,7 +59,7 @@ if( !defined( 'MEDIAWIKI' ) ) { $wgConf = new SiteConfiguration; /** MediaWiki version number */ -$wgVersion = '1.20.4'; +$wgVersion = '1.20.5'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 8f701c6b..50758c89 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2328,7 +2328,7 @@ function wfSuppressWarnings( $end = false ) { } } else { if ( !$suppressCount ) { - $originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED | E_USER_DEPRECATED ) ); + $originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED | E_USER_DEPRECATED | E_STRICT ) ); } ++$suppressCount; } diff --git a/includes/Import.php b/includes/Import.php index c32c6793..480239fe 100644 --- a/includes/Import.php +++ b/includes/Import.php @@ -441,7 +441,7 @@ class WikiImporter { if ( $this->reader->name != 'mediawiki' ) { libxml_disable_entity_loader( $oldDisable ); - throw new MWException( "Expected <mediawiki> tag, got ". + throw new MWException( "Expected <mediawiki> tag, got " . $this->reader->name ); } $this->debug( "<mediawiki> tag is correct." ); diff --git a/includes/media/SVGMetadataExtractor.php b/includes/media/SVGMetadataExtractor.php index e0740385..c6f63fd4 100644 --- a/includes/media/SVGMetadataExtractor.php +++ b/includes/media/SVGMetadataExtractor.php @@ -74,9 +74,9 @@ class SVGReader { $this->reader->open( $source, null, LIBXML_NOERROR | LIBXML_NOWARNING ); } - // Expand entities, since Adobe Illustrator uses them for xmlns - // attributes (bug 31719). Note that libxml2 has some protection - // against large recursive entity expansions so this is not as + // Expand entities, since Adobe Illustrator uses them for xmlns + // attributes (bug 31719). Note that libxml2 has some protection + // against large recursive entity expansions so this is not as // insecure as it might appear to be. However, it is still extremely // insecure. It's necessary to wrap any read() calls with // libxml_disable_entity_loader() to avoid arbitrary local file diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php index 41b3b255..ba728ac2 100644 --- a/includes/specials/SpecialChangePassword.php +++ b/includes/specials/SpecialChangePassword.php @@ -221,6 +221,12 @@ class SpecialChangePassword extends UnlistedSpecialPage { throw new PasswordError( $this->msg( 'login-throttled' )->text() ); } + $abortMsg = 'resetpass-abort-generic'; + if ( !wfRunHooks( 'AbortChangePassword', array( $user, $this->mOldpass, $newpass, &$abortMsg ) ) ) { + wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) ); + throw new PasswordError( $this->msg( $abortMsg )->text() ); + } + if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) { wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) ); throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() ); diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index d40b53d3..3a5733ca 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -46,6 +46,8 @@ abstract class UploadBase { protected $mBlackListedExtensions; protected $mJavaDetected; + protected static $safeXmlEncodings = array( 'UTF-8', 'ISO-8859-1', 'ISO-8859-2', 'UTF-16', 'UTF-32' ); + const SUCCESS = 0; const OK = 0; const EMPTY_FILE = 3; @@ -966,6 +968,15 @@ abstract class UploadBase { return true; } + // Some browsers will interpret obscure xml encodings as UTF-8, while + // PHP/expat will interpret the given encoding in the xml declaration (bug 47304) + if ( $extension == 'svg' || strpos( $mime, 'image/svg' ) === 0 ) { + if ( self::checkXMLEncodingMissmatch( $file ) ) { + wfProfileOut( __METHOD__ ); + return true; + } + } + /** * Internet Explorer for Windows performs some really stupid file type * autodetection which can cause it to interpret valid image files as HTML @@ -1037,6 +1048,62 @@ abstract class UploadBase { return false; } + + /** + * Check a whitelist of xml encodings that are known not to be interpreted differently + * by the server's xml parser (expat) and some common browsers. + * + * @param string $file pathname to the temporary upload file + * @return Boolean: true if the file contains an encoding that could be misinterpreted + */ + public static function checkXMLEncodingMissmatch( $file ) { + global $wgSVGMetadataCutoff; + $contents = file_get_contents( $file, false, null, -1, $wgSVGMetadataCutoff ); + $encodingRegex = '!encoding[ \t\n\r]*=[ \t\n\r]*[\'"](.*?)[\'"]!si'; + + if ( preg_match( "!<\?xml\b(.*?)\?>!si", $contents, $matches ) ) { + if ( preg_match( $encodingRegex, $matches[1], $encMatch ) + && !in_array( strtoupper( $encMatch[1] ), self::$safeXmlEncodings ) + ) { + wfDebug( __METHOD__ . ": Found unsafe XML encoding '{$encMatch[1]}'\n" ); + return true; + } + } elseif ( preg_match( "!<\?xml\b!si", $contents ) ) { + // Start of XML declaration without an end in the first $wgSVGMetadataCutoff + // bytes. There shouldn't be a legitimate reason for this to happen. + wfDebug( __METHOD__ . ": Unmatched XML declaration start\n" ); + return true; + } elseif ( substr( $contents, 0, 4) == "\x4C\x6F\xA7\x94" ) { + // EBCDIC encoded XML + wfDebug( __METHOD__ . ": EBCDIC Encoded XML\n" ); + return true; + } + + // It's possible the file is encoded with multi-byte encoding, so re-encode attempt to + // detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings + $attemptEncodings = array( 'UTF-16', 'UTF-16BE', 'UTF-32', 'UTF-32BE' ); + foreach ( $attemptEncodings as $encoding ) { + wfSuppressWarnings(); + $str = iconv( $encoding, 'UTF-8', $contents ); + wfRestoreWarnings(); + if ( $str != '' && preg_match( "!<\?xml\b(.*?)\?>!si", $str, $matches ) ) { + if ( preg_match( $encodingRegex, $matches[1], $encMatch ) + && !in_array( strtoupper( $encMatch[1] ), self::$safeXmlEncodings ) + ) { + wfDebug( __METHOD__ . ": Found unsafe XML encoding '{$encMatch[1]}'\n" ); + return true; + } + } elseif ( $str != '' && preg_match( "!<\?xml\b!si", $str ) ) { + // Start of XML declaration without an end in the first $wgSVGMetadataCutoff + // bytes. There shouldn't be a legitimate reason for this to happen. + wfDebug( __METHOD__ . ": Unmatched XML declaration start\n" ); + return true; + } + } + + return false; + } + /** * @param $filename string * @return bool |