/**
 * PHPUnit fixture hook: creates the UploadTestHandler under test and appends
 * a closure to $wgHooks['InterwikiLoadPrefix'].
 *
 * NOTE(review): only lines 11, 15 and 17 of the method appear in this
 * listing. The closure body and any `global $wgHooks` declaration are not
 * shown. Whether the hook is removed again after the test cannot be told
 * from here; if it is not, the handler stays registered for later tests.
 */
11 protected function setUp() {
15 $this->upload =
new UploadTestHandler;
17 $wgHooks[
'InterwikiLoadPrefix'][] =
function ( $prefix, &$data ) {
/**
 * Checks title validation for one candidate upload file name.
 *
 * Asserts that the handler's testTitleValidation( $srcFilename ) yields $code
 * and that the text of the resulting title equals $dstFilename.
 *
 * NOTE(review): lines 40-43 and 46 onwards are missing from this listing, so
 * the assertion messages and any condition around the second assertion are
 * not visible. The data sets presumably come from
 * provideTestTitleValidation() - confirm against the full file.
 *
 * @param mixed $srcFilename File name handed to the upload handler
 * @param mixed $dstFilename Expected title text after validation
 * @param mixed $code Expected return value of testTitleValidation()
 * @param mixed $msg Unused on the visible lines; presumably the assertion message
 */
36 public function testTitleValidation( $srcFilename, $dstFilename, $code, $msg ) {
38 $this->assertEquals( $code,
39 $this->upload->testTitleValidation( $srcFilename ),
44 $this->assertEquals( $dstFilename,
45 $this->upload->getTitle()->getText(),
/**
 * Data provider of title-validation cases.
 *
 * NOTE(review): only the trailing description of each case is shown in this
 * listing; the source/destination names and expected codes are on lines that
 * are not shown. The descriptions cover a valid title, titles containing a
 * slash, a colon or a File prefix, an illegal title, a missing extension or
 * basename, and titles longer than 255 and 240 bytes. Which of these are
 * expected to be accepted cannot be read from this excerpt.
 */
53 public static function provideTestTitleValidation() {
57 'upload valid title' ),
60 'upload title with slash' ),
63 'upload title with colon' ),
66 'upload title with File prefix' ),
69 'illegal title for upload' ),
72 'upload title without extension' ),
75 'upload title without basename' ),
78 'upload title longer than 255 bytes' ),
81 'upload title longer than 240 bytes' ),
/**
 * Exercises verifyUpload() for an upload with an empty name, an empty temp
 * path and a size of 0 (the three arguments to initializePathInfo()).
 *
 * NOTE(review): the assertion itself (lines 93-94) is not shown here; only
 * its message 'upload empty file' is. The expected result is presumably an
 * "empty file" verification error - confirm.
 */
89 public function testVerifyUpload() {
91 $this->upload->initializePathInfo(
'',
'', 0 );
92 $result = $this->upload->verifyUpload();
95 'upload empty file' );
/**
 * Creates a temporary file of exactly $size bytes for size-limit tests.
 *
 * tempnam() creates a uniquely named file under wfTempDir() with the prefix
 * "mwuploadtest". ftruncate() then sets its length to $size, so no payload
 * has to be written.
 *
 * NOTE(review): the return values of tempnam()/fopen()/ftruncate() are not
 * checked on the visible lines. The rest of the body (after line 103) is not
 * shown; it presumably closes the handle and returns $filename. Removal of
 * the temp file is also not visible here - confirm.
 *
 * @param int $size Desired file length in bytes
 */
99 private function createFileOfSize(
$size ) {
100 $filename = tempnam(
wfTempDir(),
"mwuploadtest" );
102 $fh = fopen( $filename,
'w' );
103 ftruncate( $fh,
$size );
/**
 * Exercises verifyUpload() with $wgMaxUploadSize temporarily set to 100 and a
 * temp file of exactly that size, registered under "<basename>.txt".
 *
 * NOTE(review): the assertion (lines 125-129) is not shown in this listing,
 * so the expected outcome for a file exactly at the limit cannot be read from
 * here. As far as the visible lines show, the global is restored by a plain
 * assignment at the end of the method; a failing assertion before it would
 * leave $wgMaxUploadSize at 100 for later tests - confirm whether a
 * try/finally or tearDown() covers this.
 */
114 public function testMaxUploadSize() {
116 $savedGlobal = $wgMaxUploadSize;
120 $wgMaxUploadSize = 100;
122 $filename = $this->createFileOfSize( $wgMaxUploadSize );
123 $this->upload->initializePathInfo( basename( $filename ) .
'.txt', $filename, 100 );
124 $result = $this->upload->verifyUpload();
130 $wgMaxUploadSize = $savedGlobal;
/**
 * Runs one SVG sample through the upload handler's SVG check and compares
 * both results with the expected values.
 *
 * checkSvgString() returns a pair: whether the document parsed as
 * well-formed XML, and whether the script/unsafe-content filter matched.
 * Both are compared with assertSame(), so the expected values must match in
 * type as well as value.
 *
 * NOTE(review): the data sets presumably come from
 * provideCheckSvgScriptCallback() - the @dataProvider annotation is not
 * visible in this listing.
 *
 * @param string $svg SVG document text to check
 * @param mixed $wellFormed Expected first element of the checkSvgString() result
 * @param mixed $filterMatch Expected second element of the checkSvgString() result
 * @param string $message Description used as the assertion message
 */
137 public function testCheckSvgScriptCallback( $svg, $wellFormed, $filterMatch, $message ) {
138 list( $formed, $match ) = $this->upload->checkSvgString( $svg );
139 $this->assertSame( $wellFormed, $formed, $message );
140 $this->assertSame( $filterMatch, $match, $message );
/**
 * Regression samples for the SVG upload filter.
 *
 * Each case pairs an SVG document with a description. The samples cover
 * script elements, event-handler attributes, javascript: and data: link
 * targets, XML Events handlers, embedded or remote XSL stylesheets, remote
 * resources pulled in through CSS (url(), @import, image()), an embedded
 * XHTML iframe, and plain remote or local references.
 *
 * NOTE(review): this listing shows only the SVG string and the description
 * of each case. The expected $wellFormed and $filterMatch values sit on lines
 * that are not shown, so do not assume every sample is expected to be
 * rejected. The last two cases (an <a> link to a remote site, and local
 * url(#id) references) read like allowed-content checks, but that must be
 * confirmed against the full file. The case order presumably matches the
 * parameters of testCheckSvgScriptCallback(): $svg, $wellFormed,
 * $filterMatch, $message.
 */
143 public static function provideCheckSvgScriptCallback() {
147 '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
150 'Script tag in svg (http://html5sec.org/#47)'
153 '<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>',
156 'SVG with onload property (http://html5sec.org/#11)'
159 '<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>',
162 'SVG with onload property (http://html5sec.org/#65)'
165 '<svg xmlns="http://www.w3.org/2000/svg"> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)"><rect width="1000" height="1000" fill="white"/></a> </svg>',
168 'SVG with javascript xlink (http://html5sec.org/#87)'
171 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="javascript:alert(1)"/> </svg>',
174 'SVG with Opera animation xlink (http://html5sec.org/#88 - a)'
177 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="data:text/xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
180 'SVG with Opera animation xlink (http://html5sec.org/#88 - b)'
183 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="data:image/svg+xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
186 'SVG with Opera image xlink (http://html5sec.org/#88 - c)'
189 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <foreignObject xlink:href="javascript:alert(1)"/> </svg>',
192 'SVG with Opera foreignObject xlink (http://html5sec.org/#88 - d)'
195 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <foreignObject xlink:href="data:text/xml,%3Cscript xmlns=\'http://www.w3.org/1999/xhtml\'%3Ealert(1)%3C/script%3E"/> </svg>',
198 'SVG with Opera foreignObject xlink (http://html5sec.org/#88 - e)'
201 '<svg xmlns="http://www.w3.org/2000/svg"> <set attributeName="onmouseover" to="alert(1)"/> </svg>',
204 'SVG with event handler set (http://html5sec.org/#89 - a)'
207 '<svg xmlns="http://www.w3.org/2000/svg"> <animate attributeName="onunload" to="alert(1)"/> </svg>',
210 'SVG with event handler animate (http://html5sec.org/#89 - a)'
213 '<svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler> </svg>',
216 'SVG with element handler (http://html5sec.org/#94)'
219 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/> </feImage> </svg>',
222 'SVG with href to data: url (http://html5sec.org/#95)'
225 '<svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>',
228 'SVG with Tiny handler (http://html5sec.org/#104)'
231 '<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/> </svg>',
234 'SVG with new CSS styles properties (http://html5sec.org/#109)'
237 '<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect clip-path="url(test3.svg#a)" /> </svg>',
240 'SVG with new CSS styles properties as attributes'
243 '<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"> <rect fill="white" width="1000" height="1000"/> </a> <rect fill="url(http://html5sec.org/test3.svg#a)" /> </svg>',
246 'SVG with new CSS styles properties as attributes (2)'
249 '<svg xmlns="http://www.w3.org/2000/svg"> <path d="M0,0" style="marker-start:url(test4.svg#a)"/> </svg>',
252 'SVG with path marker-start (http://html5sec.org/#110)'
255 '<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]> <svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>',
258 'SVG with embedded stylesheet (http://html5sec.org/#125)'
261 '<svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">alert(1)</handler> </svg>',
264 'SVG with handler attribute (http://html5sec.org/#127)'
269 '<svg> <image style=\'filter:url("data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ/YWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg==")\' /> </svg>',
272 'SVG with image filter via style (http://html5sec.org/#129)'
276 '<svg> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"> <circle r="400"></circle> <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="" /> </a></svg>',
279 'SVG with animate from (http://html5sec.org/#137)'
284 '<?xml version="1.0" encoding="UTF-8" standalone="no"?> <svg xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="https://upload.wikimedia.org/wikipedia/commons/3/34/Bahnstrecke_Zeitz-Camburg_1930.png" /> </svg>',
287 'SVG with non-local image href (bug 65839)'
290 '<?xml version="1.0" ?> <?xml-stylesheet type="text/xsl" href="/w/index.php?title=User:Jeeves/test.xsl&action=raw&format=xml" ?> <svg> <height>50</height> <width>100</width> </svg>',
293 'SVG with remote stylesheet (bug 57550)'
296 '<svg xmlns="http://www.w3.org/2000/svg" viewbox="-1 -1 15 15"> <rect y="0" height="13" width="12" stroke="#179" rx="1" fill="#2ac"/> <text x="1.5" y="11" font-family="courier" stroke="white" font-size="16"><![CDATA[B]]></text> <iframe xmlns="http://www.w3.org/1999/xhtml" srcdoc="<script>alert('XSSED => Domain('+top.document.domain+')');</script>"></iframe> </svg>',
299 'SVG with rembeded iframe (bug 60771)'
302 '<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@import url("https://fonts.googleapis.com/css?family=Bitter:700&text=WebPlatform.org");</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
305 'SVG with @import in style element (bug 69008)'
308 '<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@import url("https://fonts.googleapis.com/css?family=Bitter:700&text=WebPlatform.org");<foo/></style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
311 'SVG with @import in style element and child element (bug 69008#c11)'
314 '<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:url(https://www.google.com/images/srpr/logo11w.png)"/> </svg>',
317 'SVG with remote background image (bug 69008)'
// In the next two samples "\55" is the CSS hex escape for "U", so "\55rl(" is
// "Url(" once CSS escapes are resolved. A filter that matches "url(" on the
// raw text would miss it; these cases pin that the check sees the unescaped form.
320 '<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:\55rl(https://www.google.com/images/srpr/logo11w.png)"/> </svg>',
323 'SVG with remote background image, encoded (bug 69008)'
326 '<svg xmlns="http://www.w3.org/2000/svg"> <style> #a { background-image:\55rl(\'https://www.google.com/images/srpr/logo11w.png\'); } </style> <rect width="100" height="100" id="a"/> </svg>',
329 'SVG with remote background image, in style element (bug 69008)'
334 '<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:image(\'sprites.svg#xywh=40,0,20,20\')"/> </svg>',
337 'SVG with remote background image using image() (bug 69008)'
342 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <g> <a xlink:href="http://en.wikipedia.org/wiki/Main_Page"> <path transform="translate(0,496)" id="path6706" d="m 112.09375,107.6875 -5.0625,3.625 -4.3125,5.03125 -0.46875,0.5 -4.09375,3.34375 -9.125,5.28125 -8.625,-3.375 z" style="fill:#cccccc;fill-opacity:1;stroke:#6e6e6e;stroke-width:0.69999999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;display:inline" /> </a> </g> </svg>',
345 'SVG with <a> link to a remote site'
348 '<svg> <defs> <filter id="filter6226" x="-0.93243687" width="2.8648737" y="-0.24250539" height="1.4850108"> <feGaussianBlur stdDeviation="3.2344681" id="feGaussianBlur6228" /> </filter> <clipPath id="clipPath2436"> <path d="M 0,0 L 0,0 L 0,0 L 0,0 z" id="path2438" /> </clipPath> </defs> <g clip-path="url(#clipPath2436)" id="g2460"> <text id="text2466"> <tspan>12345</tspan> </text> </g> <path style="fill:#346733;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:round;stroke-linejoin:bevel;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;filter:url(\'#filter6226\');fill-opacity:1;opacity:0.79807692" d="M 236.82371,332.63732 C 236.92217,332.63732 z" id="path5618" /> </svg>',
351 'SVG with local urls, including filter: in style'
/**
 * Test-only entry point that exposes the title-validation result for a name.
 *
 * Clears mTitle, sets mDesiredDestName to $name and returns mTitleError.
 *
 * NOTE(review): lines 365-367 are not shown in this listing. They presumably
 * trigger the title computation (for example a getTitle() call) that fills
 * mTitleError - confirm.
 *
 * @param mixed $name Desired destination file name to validate
 */
362 public function testTitleValidation(
$name ) {
363 $this->mTitle =
false;
364 $this->mDesiredDestName =
$name;
368 return $this->mTitleError;
/**
 * Test-only wrapper that runs the SVG check on an in-memory string.
 *
 * Builds a checker object with this handler's checkSvgScriptCallback as the
 * element callback and UploadBase::checkSvgPICallback as the
 * processing-instruction handler, then returns its two result flags.
 *
 * NOTE(review): the constructor call that creates $check (lines 377-378) is
 * not shown in this listing. It is presumably an XML type checker parsing
 * $svg from a string rather than a file - confirm.
 *
 * @param string $svg SVG document text
 * @return array Two elements: $check->wellFormed, then $check->filterMatch
 */
376 public function checkSvgString( $svg ) {
379 array( $this,
'checkSvgScriptCallback' ),
381 array(
'processing_instruction_handler' =>
'UploadBase::checkSvgPICallback' )
383 return array( $check->wellFormed, $check->filterMatch );