-rw-r--r--RELEASE-NOTES-1.2210
-rw-r--r--extensions/PdfHandler/PdfHandler_body.php29
-rw-r--r--includes/DefaultSettings.php2
-rw-r--r--includes/WikiPage.php2
-rw-r--r--includes/installer/Installer.i18n.php9
-rw-r--r--includes/installer/Installer.php22
-rw-r--r--includes/media/Bitmap.php58
-rw-r--r--includes/media/DjVu.php9
-rw-r--r--includes/media/ImageHandler.php1
-rw-r--r--maintenance/update.php14
10 files changed, 109 insertions, 47 deletions
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index ff858e91..ed64aa4d 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -3,6 +3,16 @@
Security reminder: MediaWiki does not require PHP's register_globals. If you
have it on, turn it '''off''' if you can.
+== MediaWiki 1.22.2 ==
+
+This is a security and bugfix release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.1 ===
+
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+* (bug 58253) Check for very old PCRE versions in installer and updater
+* (bug 60054) Make WikiPage::$mPreparedEdit public
+
== MediaWiki 1.22.1 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
diff --git a/extensions/PdfHandler/PdfHandler_body.php b/extensions/PdfHandler/PdfHandler_body.php
index 8fa6719b..d9ed4884 100644
--- a/extensions/PdfHandler/PdfHandler_body.php
+++ b/extensions/PdfHandler/PdfHandler_body.php
@@ -167,13 +167,28 @@ class PdfHandler extends ImageHandler {
$srcPath = $image->getLocalRefPath();
- $cmd = '(' . wfEscapeShellArg( $wgPdfProcessor );
- $cmd .= " -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page} -dLastPage={$page}";
- $cmd .= " -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q ". wfEscapeShellArg( $srcPath );
- $cmd .= " | " . wfEscapeShellArg( $wgPdfPostProcessor );
- $cmd .= " -depth 8 -resize {$width} - ";
- $cmd .= wfEscapeShellArg( $dstPath ) . ")";
- $cmd .= " 2>&1";
+ $cmd = '(' . wfEscapeShellArg(
+ $wgPdfProcessor,
+ "-sDEVICE=jpeg",
+ "-sOutputFile=-",
+ "-dFirstPage={$page}",
+ "-dLastPage={$page}",
+ "-r{$wgPdfHandlerDpi}",
+ "-dBATCH",
+ "-dNOPAUSE",
+ "-q",
+ $srcPath
+ );
+ $cmd .= " | " . wfEscapeShellArg(
+ $wgPdfPostProcessor,
+ "-depth",
+ "8",
+ "-resize",
+ $width,
+ "-",
+ $dstPath
+ );
+ $cmd .= ") 2>&1";
wfProfileIn( 'PdfHandler' );
wfDebug( __METHOD__ . ": $cmd\n" );
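Review bot: The constant argument tokens on the new lines (`"-sDEVICE=jpeg"`, `"-dBATCH"`, `"-q"`, `"-"`) are double-quoted although nothing in them is interpolated, while the adjacent `'('` uses single quotes; switching the non-interpolated ones to single quotes makes it visible at a glance which tokens carry variable data (`"-dFirstPage={$page}"`, `"-r{$wgPdfHandlerDpi}"`). Escaping `$page` and `$width` as whole tokens is right, but the hunk does not show where they are validated as integers, so a short comment such as `// $page/$width are expected to be already normalised by ImageHandler::normaliseParams` would record that assumption for readers of this method. The enclosing method starts and ends outside the hunk.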
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index f423e623..e9b4f490 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration;
* MediaWiki version number
* @since 1.2
*/
-$wgVersion = '1.22.1';
+$wgVersion = '1.22.2';
/**
* Name of the site. It must be changed in LocalSettings.php
diff --git a/includes/WikiPage.php b/includes/WikiPage.php
index 61a05a12..099cb897 100644
--- a/includes/WikiPage.php
+++ b/includes/WikiPage.php
@@ -51,7 +51,7 @@ class WikiPage implements Page, IDBAccessObject {
/**@}}*/
/** @var stdclass Map of cache fields (text, parser output, ect) for a proposed/new edit */
- protected $mPreparedEdit = false;
+ public $mPreparedEdit = false;
/**
* @var int
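Review bot: Now that `$mPreparedEdit` is public, the docblock on the line above it advertises `@var stdclass` while the initial value is `false`, so external callers reading the annotation will not expect the boolean sentinel. Suggest `/** @var stdClass|bool Map of cache fields (text, parser output, etc.) for a proposed/new edit; false until prepared */` so the type static analysers and callers see matches the actual values. The enclosing class continues outside the hunk.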
diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php
index 16e83e4f..a9971b4f 100644
--- a/includes/installer/Installer.i18n.php
+++ b/includes/installer/Installer.i18n.php
@@ -124,8 +124,9 @@ It may cause problems, particularly if using file uploads and <code>math</code>
'config-xml-bad' => "PHP's XML module is missing.
MediaWiki requires functions in this module and will not work in this configuration.
If you're running Mandrake, install the php-xml package.",
- 'config-pcre' => 'The PCRE support module appears to be missing.
-MediaWiki requires the Perl-compatible regular expression functions to work.',
+ 'config-pcre-old' => "'''Fatal:''' PCRE $1 or later is required.
+Your PHP binary is linked with PCRE $2.
+[https://www.mediawiki.org/wiki/Manual:Errors_and_symptoms/PCRE More information].",
'config-pcre-no-utf8' => "'''Fatal:''' PHP's PCRE module seems to be compiled without PCRE_UTF8 support.
MediaWiki requires UTF-8 support to function correctly.",
'config-memory-raised' => "PHP's <code>memory_limit</code> is $1, raised to $2.",
@@ -651,6 +652,10 @@ Parameters:
'config-mbstring' => '{{Related|Config-fatal}}',
'config-ze1' => '{{Related|Config-fatal}}',
'config-pcre' => 'PCRE is an initialism for "Perl-compatible regular expression". Perl is programming language whose [[:w:regular expression|regular expression]] syntax is popular and used in other languages using a library called PCRE.',
+ 'config-pcre-old' => 'Parameters:
+* $1 - minimum PCRE version number
+* $2 - the installed version of [[wikipedia:PCRE|PCRE]]
+{{Related|Config-fatal}}',
'config-pcre-no-utf8' => "PCRE is a name of a programmers' library for supporting regular expressions. It can probably be translated without change.
{{Related|Config-fatal}}",
'config-memory-raised' => 'Parameters:
diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index 62bb2ec4..f248d859 100644
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -42,6 +42,14 @@ abstract class Installer {
const MINIMUM_PHP_VERSION = '5.3.2';
/**
+ * The oldest version of PCRE we can support.
+ *
+ * Defining this is necessary because PHP may be linked with a system version
+ * of PCRE, which may be older than that bundled with the minimum PHP version.
+ */
+ const MINIMUM_PCRE_VERSION = '7.2';
+
+ /**
* @var array
*/
protected $settings;
@@ -416,6 +424,15 @@ abstract class Installer {
$good = false;
}
+ // Must go here because an old version of PCRE can prevent other checks from completing
+ if ( $good ) {
+ list( $pcreVersion ) = explode( ' ', PCRE_VERSION, 2 );
+ if ( version_compare( $pcreVersion, self::MINIMUM_PCRE_VERSION, '<' ) ) {
+ $this->showError( 'config-pcre-old', self::MINIMUM_PCRE_VERSION, $pcreVersion );
+ $good = false;
+ }
+ }
+
if ( $good ) {
foreach ( $this->envChecks as $check ) {
$status = $this->$check();
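Review bot: The PCRE version parse and comparison added here (`list( $pcreVersion ) = explode( ' ', PCRE_VERSION, 2 ); if ( version_compare( $pcreVersion, self::MINIMUM_PCRE_VERSION, '<' ) )`) is duplicated verbatim in maintenance/update.php's compatChecks() hunk, so any future change to how the version string is parsed must be made twice. A small static helper on Installer returning the parsed version (or a bool), called from both places, would keep the two checks from drifting. The enclosing method starts and ends outside the hunk.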
@@ -826,11 +843,6 @@ abstract class Installer {
* @return bool
*/
protected function envCheckPCRE() {
- if ( !function_exists( 'preg_match' ) ) {
- $this->showError( 'config-pcre' );
-
- return false;
- }
wfSuppressWarnings();
$regexd = preg_replace( '/[\x{0430}-\x{04FF}]/iu', '', '-АБВГД-' );
// Need to check for \p support too, as PCRE can be compiled
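Review bot: With the `function_exists( 'preg_match' )` guard removed, envCheckPCRE() no longer references the `config-pcre` message, yet the message-documentation entry for `config-pcre` is left in place in the Installer.i18n.php hunk while its English text is deleted; the orphaned documentation entry should go too, or a comment should state why it is kept. The new ordering also means a PHP build without PCRE reaches the `PCRE_VERSION` check in the earlier hunk first, which is presumably intended since PHP 5.3+ always ships PCRE, but a one-line comment there saying so would make the dropped guard look deliberate rather than accidental. envCheckPCRE() continues past the end of the hunk.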
diff --git a/includes/media/Bitmap.php b/includes/media/Bitmap.php
index e2444a11..79b0497d 100644
--- a/includes/media/Bitmap.php
+++ b/includes/media/Bitmap.php
@@ -277,27 +277,27 @@ class BitmapHandler extends ImageHandler {
$wgMaxAnimatedGifArea,
$wgImageMagickTempDir, $wgImageMagickConvertCommand;
- $quality = '';
- $sharpen = '';
+ $quality = array();
+ $sharpen = array();
$scene = false;
- $animation_pre = '';
- $animation_post = '';
- $decoderHint = '';
+ $animation_pre = array();
+ $animation_post = array();
+ $decoderHint = array();
if ( $params['mimeType'] == 'image/jpeg' ) {
- $quality = "-quality 80"; // 80%
+ $quality = array( '-quality', '80' ); // 80%
# Sharpening, see bug 6193
if ( ( $params['physicalWidth'] + $params['physicalHeight'] )
/ ( $params['srcWidth'] + $params['srcHeight'] )
< $wgSharpenReductionThreshold ) {
- $sharpen = "-sharpen " . wfEscapeShellArg( $wgSharpenParameter );
+ $sharpen = array( '-sharpen', $wgSharpenParameter );
}
if ( version_compare( $this->getMagickVersion(), "6.5.6" ) >= 0 ) {
// JPEG decoder hint to reduce memory, available since IM 6.5.6-2
- $decoderHint = "-define jpeg:size={$params['physicalDimensions']}";
+ $decoderHint = array( '-define', "jpeg:size={$params['physicalDimensions']}" );
}
} elseif ( $params['mimeType'] == 'image/png' ) {
- $quality = "-quality 95"; // zlib 9, adaptive filtering
+ $quality = array( '-quality', '95' ); // zlib 9, adaptive filtering
} elseif ( $params['mimeType'] == 'image/gif' ) {
if ( $this->getImageArea( $image ) > $wgMaxAnimatedGifArea ) {
@@ -307,15 +307,15 @@ class BitmapHandler extends ImageHandler {
} elseif ( $this->isAnimatedImage( $image ) ) {
// Coalesce is needed to scale animated GIFs properly (bug 1017).
- $animation_pre = '-coalesce';
+ $animation_pre = array( '-coalesce' );
// We optimize the output, but -optimize is broken,
// use optimizeTransparency instead (bug 11822)
if ( version_compare( $this->getMagickVersion(), "6.3.5" ) >= 0 ) {
- $animation_post = '-fuzz 5% -layers optimizeTransparency';
+ $animation_post = array( '-fuzz', '5%', '-layers', 'optimizeTransparency' );
}
}
} elseif ( $params['mimeType'] == 'image/x-xcf' ) {
- $animation_post = '-layers merge';
+ $animation_post = array( '-layers', 'merge' );
}
// Use one thread only, to avoid deadlock bugs on OOM
@@ -327,26 +327,28 @@ class BitmapHandler extends ImageHandler {
$rotation = $this->getRotation( $image );
list( $width, $height ) = $this->extractPreRotationDimensions( $params, $rotation );
- $cmd =
- wfEscapeShellArg( $wgImageMagickConvertCommand ) .
+ $cmd = call_user_func_array( 'wfEscapeShellArg', array_merge(
+ array( $wgImageMagickConvertCommand ),
+ $quality,
// Specify white background color, will be used for transparent images
// in Internet Explorer/Windows instead of default black.
- " {$quality} -background white" .
- " {$decoderHint} " .
- wfEscapeShellArg( $this->escapeMagickInput( $params['srcPath'], $scene ) ) .
- " {$animation_pre}" .
+ array( '-background', 'white' ),
+ $decoderHint,
+ array( $this->escapeMagickInput( $params['srcPath'], $scene ) ),
+ $animation_pre,
// For the -thumbnail option a "!" is needed to force exact size,
// or ImageMagick may decide your ratio is wrong and slice off
// a pixel.
- " -thumbnail " . wfEscapeShellArg( "{$width}x{$height}!" ) .
+ array( '-thumbnail', "{$width}x{$height}!" ),
// Add the source url as a comment to the thumb, but don't add the flag if there's no comment
( $params['comment'] !== ''
- ? " -set comment " . wfEscapeShellArg( $this->escapeMagickProperty( $params['comment'] ) )
- : '' ) .
- " -depth 8 $sharpen " .
- " -rotate -$rotation " .
- " {$animation_post} " .
- wfEscapeShellArg( $this->escapeMagickOutput( $params['dstPath'] ) );
+ ? array( '-set', 'comment', $this->escapeMagickProperty( $params['comment'] ) )
+ : array() ),
+ array( '-depth', 8 ),
+ $sharpen,
+ array( '-rotate', "-$rotation" ),
+ $animation_post,
+ array( $this->escapeMagickOutput( $params['dstPath'] ) ) ) );
wfDebug( __METHOD__ . ": running ImageMagick: $cmd\n" );
wfProfileIn( 'convert' );
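Review bot: `array( '-depth', 8 )` is the only element in the merged argument list that passes an int rather than a string; every other numeric option in this hunk and the first Bitmap.php hunk is written as a string (`'-quality', '80'`, `'-quality', '95'`), so for consistency and to avoid relying on wfEscapeShellArg's implicit int-to-string conversion it should read `array( '-depth', '8' ),`. The `call_user_func_array( 'wfEscapeShellArg', array_merge( ... ) )` construction is hard to scan at this length; naming the merged array (`$args`) on its own line before the call, with a comment like `// every element becomes one escaped shell argument`, would make the security intent of the rewrite explicit. The enclosing method starts and ends outside the hunk.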
@@ -456,8 +458,8 @@ class BitmapHandler extends ImageHandler {
$dst = wfEscapeShellArg( $params['dstPath'] );
$cmd = $wgCustomConvertCommand;
$cmd = str_replace( '%s', $src, str_replace( '%d', $dst, $cmd ) ); # Filenames
- $cmd = str_replace( '%h', $params['physicalHeight'],
- str_replace( '%w', $params['physicalWidth'], $cmd ) ); # Size
+ $cmd = str_replace( '%h', wfEscapeShellArg( $params['physicalHeight'] ),
+ str_replace( '%w', wfEscapeShellArg( $params['physicalWidth'] ), $cmd ) ); # Size
wfDebug( __METHOD__ . ": Running custom convert command $cmd\n" );
wfProfileIn( 'convert' );
$retval = 0;
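Review bot: The substitutions are still chained, so the `%h`/`%w` replacement on the new lines runs over the output of the earlier `%s`/`%d` replacement; an escaped source or destination path that happens to contain `%w` or `%h` would have its text rewritten with the dimensions. A single-pass `strtr()` with a replacement map avoids that ordering dependency: `$cmd = strtr( $wgCustomConvertCommand, array( '%s' => $src, '%d' => $dst, '%w' => wfEscapeShellArg( $params['physicalWidth'] ), '%h' => wfEscapeShellArg( $params['physicalHeight'] ) ) ); # Filenames and size`. The enclosing method starts and ends outside the hunk.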
@@ -744,7 +746,7 @@ class BitmapHandler extends ImageHandler {
case 'im':
$cmd = wfEscapeShellArg( $wgImageMagickConvertCommand ) . " " .
wfEscapeShellArg( $this->escapeMagickInput( $params['srcPath'], $scene ) ) .
- " -rotate -$rotation " .
+ " -rotate " . wfEscapeShellArg( "-$rotation" ) . " " .
wfEscapeShellArg( $this->escapeMagickOutput( $params['dstPath'] ) );
wfDebug( __METHOD__ . ": running ImageMagick: $cmd\n" );
wfProfileIn( 'convert' );
diff --git a/includes/media/DjVu.php b/includes/media/DjVu.php
index b9e89d9d..9b8116e9 100644
--- a/includes/media/DjVu.php
+++ b/includes/media/DjVu.php
@@ -177,9 +177,12 @@ class DjVuHandler extends ImageHandler {
$srcPath = $image->getLocalRefPath();
# Use a subshell (brackets) to aggregate stderr from both pipeline commands
# before redirecting it to the overall stdout. This works in both Linux and Windows XP.
- $cmd = '(' . wfEscapeShellArg( $wgDjvuRenderer ) . " -format=ppm -page={$page}" .
- " -size={$params['physicalWidth']}x{$params['physicalHeight']} " .
- wfEscapeShellArg( $srcPath );
+ $cmd = '(' . wfEscapeShellArg(
+ $wgDjvuRenderer,
+ "-format=ppm",
+ "-page={$page}",
+ "-size={$params['physicalWidth']}x{$params['physicalHeight']}",
+ $srcPath );
if ( $wgDjvuPostProcessor ) {
$cmd .= " | {$wgDjvuPostProcessor}";
}
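Review bot: The renderer and its arguments are now escaped as discrete tokens, but `$wgDjvuPostProcessor` on the following context line is still interpolated raw into the pipeline (`$cmd .= " | {$wgDjvuPostProcessor}";`); that is an administrator-set configuration value rather than request data, so it is not the same risk as the fixed lines, but the contrast deserves a comment such as `// $wgDjvuPostProcessor is trusted site configuration and may contain its own options; not escaped`. The physical width and height are escaped as part of one `-size=` token, which relies on them having been normalised to integers earlier in the handler. The enclosing method starts and ends outside the hunk.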
diff --git a/includes/media/ImageHandler.php b/includes/media/ImageHandler.php
index e079003b..6794e4bf 100644
--- a/includes/media/ImageHandler.php
+++ b/includes/media/ImageHandler.php
@@ -93,6 +93,7 @@ abstract class ImageHandler extends MediaHandler {
if ( !isset( $params['page'] ) ) {
$params['page'] = 1;
} else {
+ $params['page'] = intval( $params['page'] );
if ( $params['page'] > $image->pageCount() ) {
$params['page'] = $image->pageCount();
}
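Review bot: The added `intval()` clamps `page` against `pageCount()` on the upper side only; a value of `0` or a negative number survives this branch as an int, and unless a lower-bound check follows later in normaliseParams() (not visible in the hunk), the handlers interpolate it into `-page=`/`-dFirstPage=` options. If no such check exists below, `if ( $params['page'] < 1 ) { $params['page'] = 1; }` after the upper clamp would close the gap. The enclosing method starts and ends outside the hunk.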
diff --git a/maintenance/update.php b/maintenance/update.php
index 378217fd..19429716 100644
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -57,6 +57,20 @@ class UpdateMediaWiki extends Maintenance {
}
function compatChecks() {
+ // Avoid syntax error in PHP4
+ $minimumPcreVersion = constant( 'Installer::MINIMUM_PCRE_VERSION' );
+
+ list( $pcreVersion ) = explode( ' ', PCRE_VERSION, 2 );
+ if ( version_compare( $pcreVersion, $minimumPcreVersion, '<' ) ) {
+ $this->error(
+ "PCRE $minimumPcreVersion or later is required.\n" .
+ "Your PHP binary is linked with PCRE $pcreVersion.\n\n" .
+ "More information:\n" .
+ "https://www.mediawiki.org/wiki/Manual:Errors_and_symptoms/PCRE\n\n" .
+ "ABORTING.\n",
+ true );
+ }
+
$test = new PhpXmlBugTester();
if ( !$test->ok ) {
$this->error(