-rw-r--r-- | RELEASE-NOTES-1.22 | 10 | ||||
-rw-r--r-- | extensions/PdfHandler/PdfHandler_body.php | 29 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
-rw-r--r-- | includes/WikiPage.php | 2 | ||||
-rw-r--r-- | includes/installer/Installer.i18n.php | 9 | ||||
-rw-r--r-- | includes/installer/Installer.php | 22 | ||||
-rw-r--r-- | includes/media/Bitmap.php | 58 | ||||
-rw-r--r-- | includes/media/DjVu.php | 9 | ||||
-rw-r--r-- | includes/media/ImageHandler.php | 1 | ||||
-rw-r--r-- | maintenance/update.php | 14 |
10 files changed, 109 insertions, 47 deletions
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index ff858e91..ed64aa4d 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -3,6 +3,16 @@
 Security reminder: MediaWiki does not require PHP's register_globals. If you
 have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.22.2 ==
+
+This is a security and bugfix release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.1 ===
+
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+* (bug 58253) Check for very old PCRE versions in installer and updater
+* (bug 60054) Make WikiPage::$mPreparedEdit public
+
 == MediaWiki 1.22.1 ==
 
 This is a security and maintenance release of the MediaWiki 1.22 branch.
diff --git a/extensions/PdfHandler/PdfHandler_body.php b/extensions/PdfHandler/PdfHandler_body.php
index 8fa6719b..d9ed4884 100644
--- a/extensions/PdfHandler/PdfHandler_body.php
+++ b/extensions/PdfHandler/PdfHandler_body.php
@@ -167,13 +167,28 @@ class PdfHandler extends ImageHandler {
 
  $srcPath = $image->getLocalRefPath();
 
- $cmd = '(' . wfEscapeShellArg( $wgPdfProcessor );
- $cmd .= " -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page} -dLastPage={$page}";
- $cmd .= " -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q ". wfEscapeShellArg( $srcPath );
- $cmd .= " | " . wfEscapeShellArg( $wgPdfPostProcessor );
- $cmd .= " -depth 8 -resize {$width} - ";
- $cmd .= wfEscapeShellArg( $dstPath ) . ")";
- $cmd .= " 2>&1";
+ $cmd = '(' . wfEscapeShellArg(
+ $wgPdfProcessor,
+ "-sDEVICE=jpeg",
+ "-sOutputFile=-",
+ "-dFirstPage={$page}",
+ "-dLastPage={$page}",
+ "-r{$wgPdfHandlerDpi}",
+ "-dBATCH",
+ "-dNOPAUSE",
+ "-q",
+ $srcPath
+ );
+ $cmd .= " | " . wfEscapeShellArg(
+ $wgPdfPostProcessor,
+ "-depth",
+ "8",
+ "-resize",
+ $width,
+ "-",
+ $dstPath
+ );
+ $cmd .= ") 2>&1";
 
  wfProfileIn( 'PdfHandler' );
  wfDebug( __METHOD__ . ": $cmd\n" );
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index f423e623..e9b4f490 100644
--- a/includes/DefaultSettings.php
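Review bot: The two new multi-argument `wfEscapeShellArg( ... )` calls carry no comment saying why every ghostscript and post-processor option is passed as a separate argument, so a later edit can quietly fold `"-dFirstPage={$page}"` back into one interpolated string and reopen bug 60339. A one-line comment above the first call, such as `// Each option is a separate argument so that wfEscapeShellArg quotes every value individually (bug 60339)`, would record the intent. The same remark applies to the DjVu.php and Bitmap.php hunks of this commit, which make the same kind of change without explaining it. The enclosing method starts and ends outside the hunk.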
+++ b/includes/DefaultSettings.php
@@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration;
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.22.1';
+$wgVersion = '1.22.2';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php
diff --git a/includes/WikiPage.php b/includes/WikiPage.php
index 61a05a12..099cb897 100644
--- a/includes/WikiPage.php
+++ b/includes/WikiPage.php
@@ -51,7 +51,7 @@ class WikiPage implements Page, IDBAccessObject {
  /**@}}*/
 
  /** @var stdclass Map of cache fields (text, parser output, ect) for a proposed/new edit */
- protected $mPreparedEdit = false;
+ public $mPreparedEdit = false;
 
  /**
  * @var int
diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php
index 16e83e4f..a9971b4f 100644
--- a/includes/installer/Installer.i18n.php
+++ b/includes/installer/Installer.i18n.php
@@ -124,8 +124,9 @@ It may cause problems, particularly if using file uploads and <code>math</code>
  'config-xml-bad' => "PHP's XML module is missing.
 MediaWiki requires functions in this module and will not work in this configuration.
 If you're running Mandrake, install the php-xml package.",
- 'config-pcre' => 'The PCRE support module appears to be missing.
-MediaWiki requires the Perl-compatible regular expression functions to work.',
+ 'config-pcre-old' => "'''Fatal:''' PCRE $1 or later is required.
+Your PHP binary is linked with PCRE $2.
+[https://www.mediawiki.org/wiki/Manual:Errors_and_symptoms/PCRE More information].",
  'config-pcre-no-utf8' => "'''Fatal:''' PHP's PCRE module seems to be compiled without PCRE_UTF8 support.
 MediaWiki requires UTF-8 support to function correctly.",
  'config-memory-raised' => "PHP's <code>memory_limit</code> is $1, raised to $2.",
@@ -651,6 +652,10 @@ Parameters:
  'config-mbstring' => '{{Related|Config-fatal}}',
  'config-ze1' => '{{Related|Config-fatal}}',
  'config-pcre' => 'PCRE is an initialism for "Perl-compatible regular expression". Perl is programming language whose [[:w:regular expression|regular expression]] syntax is popular and used in other languages using a library called PCRE.',
+ 'config-pcre-old' => 'Parameters:
+* $1 - minimum PCRE version number
+* $2 - the installed version of [[wikipedia:PCRE|PCRE]]
+{{Related|Config-fatal}}',
  'config-pcre-no-utf8' => "PCRE is a name of a programmers' library for supporting regular expressions. It can probably be translated without change.
 {{Related|Config-fatal}}",
  'config-memory-raised' => 'Parameters:
diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index 62bb2ec4..f248d859 100644
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -42,6 +42,14 @@ abstract class Installer {
  const MINIMUM_PHP_VERSION = '5.3.2';
 
  /**
+ * The oldest version of PCRE we can support.
+ *
+ * Defining this is necessary because PHP may be linked with a system version
+ * of PCRE, which may be older than that bundled with the minimum PHP version.
+ */
+ const MINIMUM_PCRE_VERSION = '7.2';
+
+ /**
  * @var array
  */
  protected $settings;
@@ -416,6 +424,15 @@ abstract class Installer {
  $good = false;
  }
 
+ // Must go here because an old version of PCRE can prevent other checks from completing
+ if ( $good ) {
+ list( $pcreVersion ) = explode( ' ', PCRE_VERSION, 2 );
+ if ( version_compare( $pcreVersion, self::MINIMUM_PCRE_VERSION, '<' ) ) {
+ $this->showError( 'config-pcre-old', self::MINIMUM_PCRE_VERSION, $pcreVersion );
+ $good = false;
+ }
+ }
+
  if ( $good ) {
  foreach ( $this->envChecks as $check ) {
  $status = $this->$check();
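Review bot: The version parsing added in the second Installer.php hunk, `list( $pcreVersion ) = explode( ' ', PCRE_VERSION, 2 );` followed by the `version_compare` against the minimum, is repeated verbatim in the maintenance/update.php hunk of this commit. A single static helper on Installer that returns the parsed PCRE version (or the comparison result) would keep the two checks from drifting apart when the format of PCRE_VERSION or the minimum changes. update.php already reaches the class through `constant( 'Installer::MINIMUM_PCRE_VERSION' )`, so the only thing to confirm before calling a helper from there is the PHP4-parse concern its own comment raises. The enclosing method starts and ends outside the hunk.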
@@ -826,11 +843,6 @@ abstract class Installer {
  * @return bool
  */
  protected function envCheckPCRE() {
- if ( !function_exists( 'preg_match' ) ) {
- $this->showError( 'config-pcre' );
-
- return false;
- }
  wfSuppressWarnings();
  $regexd = preg_replace( '/[\x{0430}-\x{04FF}]/iu', '', '-АБВГД-' );
  // Need to check for \p support too, as PCRE can be compiled
diff --git a/includes/media/Bitmap.php b/includes/media/Bitmap.php
index e2444a11..79b0497d 100644
--- a/includes/media/Bitmap.php
+++ b/includes/media/Bitmap.php
@@ -277,27 +277,27 @@ class BitmapHandler extends ImageHandler {
  $wgMaxAnimatedGifArea, $wgImageMagickTempDir, $wgImageMagickConvertCommand;
 
- $quality = '';
- $sharpen = '';
+ $quality = array();
+ $sharpen = array();
  $scene = false;
- $animation_pre = '';
- $animation_post = '';
- $decoderHint = '';
+ $animation_pre = array();
+ $animation_post = array();
+ $decoderHint = array();
  if ( $params['mimeType'] == 'image/jpeg' ) {
- $quality = "-quality 80"; // 80%
+ $quality = array( '-quality', '80' ); // 80%
  # Sharpening, see bug 6193
  if ( ( $params['physicalWidth'] + $params['physicalHeight'] )
  / ( $params['srcWidth'] + $params['srcHeight'] )
  < $wgSharpenReductionThreshold
  ) {
- $sharpen = "-sharpen " . wfEscapeShellArg( $wgSharpenParameter );
+ $sharpen = array( '-sharpen', $wgSharpenParameter );
  }
  if ( version_compare( $this->getMagickVersion(), "6.5.6" ) >= 0 ) {
  // JPEG decoder hint to reduce memory, available since IM 6.5.6-2
- $decoderHint = "-define jpeg:size={$params['physicalDimensions']}";
+ $decoderHint = array( '-define', "jpeg:size={$params['physicalDimensions']}" );
  }
  } elseif ( $params['mimeType'] == 'image/png' ) {
- $quality = "-quality 95"; // zlib 9, adaptive filtering
+ $quality = array( '-quality', '95' ); // zlib 9, adaptive filtering
  } elseif ( $params['mimeType'] == 'image/gif' ) {
  if ( $this->getImageArea( $image ) > $wgMaxAnimatedGifArea ) {
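Review bot: Removing the `function_exists( 'preg_match' )` guard in envCheckPCRE leaves the 'config-pcre' message without a caller, and while its English text is dropped in Installer.i18n.php, the qqq documentation entry for it (`'config-pcre' => 'PCRE is an initialism ...'`, visible as context in that file's second hunk) is left behind and should be removed with it. The removal itself looks safe because the new MINIMUM_PCRE_VERSION check now runs before the environment checks, but nothing in envCheckPCRE says so; a one-line comment at its top, such as `// PCRE presence and minimum version are already verified before the env checks run`, would spare the next reader from wondering why the guard is gone. envCheckPCRE's body continues outside the hunk.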
@@ -307,15 +307,15 @@ class BitmapHandler extends ImageHandler {
  } elseif ( $this->isAnimatedImage( $image ) ) {
  // Coalesce is needed to scale animated GIFs properly (bug 1017).
- $animation_pre = '-coalesce';
+ $animation_pre = array( '-coalesce' );
  // We optimize the output, but -optimize is broken,
  // use optimizeTransparency instead (bug 11822)
  if ( version_compare( $this->getMagickVersion(), "6.3.5" ) >= 0 ) {
- $animation_post = '-fuzz 5% -layers optimizeTransparency';
+ $animation_post = array( '-fuzz', '5%', '-layers', 'optimizeTransparency' );
  }
  }
  } elseif ( $params['mimeType'] == 'image/x-xcf' ) {
- $animation_post = '-layers merge';
+ $animation_post = array( '-layers', 'merge' );
  }
 
  // Use one thread only, to avoid deadlock bugs on OOM
@@ -327,26 +327,28 @@ class BitmapHandler extends ImageHandler {
  $rotation = $this->getRotation( $image );
  list( $width, $height ) = $this->extractPreRotationDimensions( $params, $rotation );
 
- $cmd =
- wfEscapeShellArg( $wgImageMagickConvertCommand ) .
+ $cmd = call_user_func_array( 'wfEscapeShellArg', array_merge(
+ array( $wgImageMagickConvertCommand ),
+ $quality,
  // Specify white background color, will be used for transparent images
  // in Internet Explorer/Windows instead of default black.
- " {$quality} -background white" .
- " {$decoderHint} " .
- wfEscapeShellArg( $this->escapeMagickInput( $params['srcPath'], $scene ) ) .
- " {$animation_pre}" .
+ array( '-background', 'white' ),
+ $decoderHint,
+ array( $this->escapeMagickInput( $params['srcPath'], $scene ) ),
+ $animation_pre,
  // For the -thumbnail option a "!" is needed to force exact size,
  // or ImageMagick may decide your ratio is wrong and slice off
  // a pixel.
- " -thumbnail " . wfEscapeShellArg( "{$width}x{$height}!" ) .
+ array( '-thumbnail', "{$width}x{$height}!" ),
  // Add the source url as a comment to the thumb, but don't add the flag if there's no comment
  ( $params['comment'] !== ''
- ? " -set comment " . wfEscapeShellArg( $this->escapeMagickProperty( $params['comment'] ) )
- : '' ) .
- " -depth 8 $sharpen " .
- " -rotate -$rotation " .
- " {$animation_post} " .
- wfEscapeShellArg( $this->escapeMagickOutput( $params['dstPath'] ) );
+ ? array( '-set', 'comment', $this->escapeMagickProperty( $params['comment'] ) )
+ : array() ),
+ array( '-depth', 8 ),
+ $sharpen,
+ array( '-rotate', "-$rotation" ),
+ $animation_post,
+ array( $this->escapeMagickOutput( $params['dstPath'] ) ) ) );
 
  wfDebug( __METHOD__ . ": running ImageMagick: $cmd\n" );
  wfProfileIn( 'convert' );
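Review bot: `array( '-depth', 8 )` passes an integer while every other option value in the same array_merge is a string (`'80'`, `'95'`, `'5%'`, `'white'`); wfEscapeShellArg will coerce it, but `array( '-depth', '8' )` keeps the argument list uniform and does not rely on implicit conversion inside the escaping helper. Separately, the `) ) );` crammed onto the `escapeMagickOutput` line hides where array_merge and call_user_func_array end; closing them on their own lines, as the PdfHandler hunk does with its `);`, would make the argument list easier to audit. The enclosing method starts and ends outside the hunk.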
@@ -456,8 +458,8 @@ class BitmapHandler extends ImageHandler {
  $dst = wfEscapeShellArg( $params['dstPath'] );
  $cmd = $wgCustomConvertCommand;
  $cmd = str_replace( '%s', $src, str_replace( '%d', $dst, $cmd ) ); # Filenames
- $cmd = str_replace( '%h', $params['physicalHeight'],
- str_replace( '%w', $params['physicalWidth'], $cmd ) ); # Size
+ $cmd = str_replace( '%h', wfEscapeShellArg( $params['physicalHeight'] ),
+ str_replace( '%w', wfEscapeShellArg( $params['physicalWidth'] ), $cmd ) ); # Size
  wfDebug( __METHOD__ . ": Running custom convert command $cmd\n" );
  wfProfileIn( 'convert' );
  $retval = 0;
@@ -744,7 +746,7 @@ class BitmapHandler extends ImageHandler {
  case 'im':
  $cmd = wfEscapeShellArg( $wgImageMagickConvertCommand ) . " " .
  wfEscapeShellArg( $this->escapeMagickInput( $params['srcPath'], $scene ) ) .
- " -rotate -$rotation " .
+ " -rotate " . wfEscapeShellArg( "-$rotation" ) . " " .
  wfEscapeShellArg( $this->escapeMagickOutput( $params['dstPath'] ) );
  wfDebug( __METHOD__ . ": running ImageMagick: $cmd\n" );
  wfProfileIn( 'convert' );
diff --git a/includes/media/DjVu.php b/includes/media/DjVu.php
index b9e89d9d..9b8116e9 100644
--- a/includes/media/DjVu.php
+++ b/includes/media/DjVu.php
@@ -177,9 +177,12 @@ class DjVuHandler extends ImageHandler {
  $srcPath = $image->getLocalRefPath();
  # Use a subshell (brackets) to aggregate stderr from both pipeline commands
  # before redirecting it to the overall stdout. This works in both Linux and Windows XP.
- $cmd = '(' . wfEscapeShellArg( $wgDjvuRenderer ) . " -format=ppm -page={$page}" .
- " -size={$params['physicalWidth']}x{$params['physicalHeight']} " .
- wfEscapeShellArg( $srcPath );
+ $cmd = '(' . wfEscapeShellArg(
+ $wgDjvuRenderer,
+ "-format=ppm",
+ "-page={$page}",
+ "-size={$params['physicalWidth']}x{$params['physicalHeight']}",
+ $srcPath );
  if ( $wgDjvuPostProcessor ) {
  $cmd .= " | {$wgDjvuPostProcessor}";
  }
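Review bot: Wrapping the `%w` and `%h` substitutions in wfEscapeShellArg changes what existing `$wgCustomConvertCommand` templates receive: a template that already quoted the placeholder itself now gets nested quoting around the value. The width and height are presumably integers by the time they reach this method, so the escaping is defence in depth rather than a fix for a demonstrated injection, but that makes it all the more important to state the new contract where the setting is documented, e.g. `%w and %h are inserted already shell-quoted, like %s and %d`, since the release notes only mention DjVu and "other media formats". The enclosing method starts and ends outside the hunk.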
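Review bot: After the DjVu.php change the only unquoted piece of the pipeline is `$cmd .= " | {$wgDjvuPostProcessor}";` in the context lines just below the new wfEscapeShellArg call. That value is site configuration rather than request input, and leaving it raw may be deliberate so it can carry its own options, but the same commit escapes `$wgPdfPostProcessor` in PdfHandler, so the asymmetry reads like an omission. A comment such as `// $wgDjvuPostProcessor is trusted configuration and may contain options of its own, so it is deliberately not quoted` on that line would settle it; if it is not intended to carry options, escaping it the way PdfHandler does is the consistent choice. The enclosing method starts and ends outside the hunk.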
diff --git a/includes/media/ImageHandler.php b/includes/media/ImageHandler.php
index e079003b..6794e4bf 100644
--- a/includes/media/ImageHandler.php
+++ b/includes/media/ImageHandler.php
@@ -93,6 +93,7 @@ abstract class ImageHandler extends MediaHandler {
  if ( !isset( $params['page'] ) ) {
  $params['page'] = 1;
  } else {
+ $params['page'] = intval( $params['page'] );
  if ( $params['page'] > $image->pageCount() ) {
  $params['page'] = $image->pageCount();
  }
diff --git a/maintenance/update.php b/maintenance/update.php
index 378217fd..19429716 100644
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -57,6 +57,20 @@ class UpdateMediaWiki extends Maintenance {
  }
 
  function compatChecks() {
+ // Avoid syntax error in PHP4
+ $minimumPcreVersion = constant( 'Installer::MINIMUM_PCRE_VERSION' );
+
+ list( $pcreVersion ) = explode( ' ', PCRE_VERSION, 2 );
+ if ( version_compare( $pcreVersion, $minimumPcreVersion, '<' ) ) {
+ $this->error(
+ "PCRE $minimumPcreVersion or later is required.\n" .
+ "Your PHP binary is linked with PCRE $pcreVersion.\n\n" .
+ "More information:\n" .
+ "https://www.mediawiki.org/wiki/Manual:Errors_and_symptoms/PCRE\n\n" .
+ "ABORTING.\n",
+ true );
+ }
+
  $test = new PhpXmlBugTester();
  if ( !$test->ok ) {
  $this->error(
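Review bot: `$params['page'] = intval( $params['page'] );` fixes the type of the request-supplied page number, but within the hunk only the upper bound is clamped; a value that converts to 0 or a negative number (`intval( 'abc' )` is 0) still passes through unless a lower-bound check follows outside the hunk. If there is none, `if ( $params['page'] < 1 ) { $params['page'] = 1; }` after the existing pageCount() clamp would mirror the default of 1 in the `!isset` branch and keep the handlers that interpolate the page into `-page=` / `-dFirstPage=` arguments from receiving a nonsensical number. The enclosing method starts and ends outside the hunk.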