MediaWiki REL1_28
UploadBaseTest.php
Go to the documentation of this file.
1<?php
2
6class UploadBaseTest extends MediaWikiTestCase {
7
9 protected $upload;
10
11 protected function setUp() {
12 parent::setUp();
13
14 $this->upload = new UploadTestHandler;
15
16 $this->setMwGlobals( 'wgHooks', [
17 'InterwikiLoadPrefix' => [
18 function ( $prefix, &$data ) {
19 return false;
20 }
21 ],
22 ] );
23 }
24
32 public function testTitleValidation( $srcFilename, $dstFilename, $code, $msg ) {
33 /* Check the result code */
34 $this->assertEquals( $code,
35 $this->upload->testTitleValidation( $srcFilename ),
36 "$msg code" );
37
38 /* If we expect a valid title, check the title itself. */
39 if ( $code == UploadBase::OK ) {
40 $this->assertEquals( $dstFilename,
41 $this->upload->getTitle()->getText(),
42 "$msg text" );
43 }
44 }
45
49 public static function provideTestTitleValidation() {
50 return [
51 /* Test a valid title */
52 [ 'ValidTitle.jpg', 'ValidTitle.jpg', UploadBase::OK,
53 'upload valid title' ],
54 /* A title with a slash */
55 [ 'A/B.jpg', 'A-B.jpg', UploadBase::OK,
56 'upload title with slash' ],
57 /* A title with illegal char */
58 [ 'A:B.jpg', 'A-B.jpg', UploadBase::OK,
59 'upload title with colon' ],
60 /* Stripping leading File: prefix */
61 [ 'File:C.jpg', 'C.jpg', UploadBase::OK,
62 'upload title with File prefix' ],
63 /* Test illegal suggested title (r94601) */
64 [ '%281%29.JPG', null, UploadBase::ILLEGAL_FILENAME,
65 'illegal title for upload' ],
66 /* A title without extension */
67 [ 'A', null, UploadBase::FILETYPE_MISSING,
68 'upload title without extension' ],
69 /* A title with no basename */
70 [ '.jpg', null, UploadBase::MIN_LENGTH_PARTNAME,
71 'upload title without basename' ],
72 /* A title that is longer than 255 bytes */
73 [ str_repeat( 'a', 255 ) . '.jpg', null, UploadBase::FILENAME_TOO_LONG,
74 'upload title longer than 255 bytes' ],
75 /* A title that is longer than 240 bytes */
76 [ str_repeat( 'a', 240 ) . '.jpg', null, UploadBase::FILENAME_TOO_LONG,
77 'upload title longer than 240 bytes' ],
78 ];
79 }
80
85 public function testVerifyUpload() {
86 /* Setup with zero file size */
87 $this->upload->initializePathInfo( '', '', 0 );
88 $result = $this->upload->verifyUpload();
89 $this->assertEquals( UploadBase::EMPTY_FILE,
90 $result['status'],
91 'upload empty file' );
92 }
93
94 // Helper used to create an empty file of size $size.
95 private function createFileOfSize( $size ) {
96 $filename = $this->getNewTempFile();
97
98 $fh = fopen( $filename, 'w' );
99 ftruncate( $fh, $size );
100 fclose( $fh );
101
102 return $filename;
103 }
104
110 public function testMaxUploadSize() {
111 $this->setMwGlobals( [
112 'wgMaxUploadSize' => 100,
113 'wgFileExtensions' => [
114 'txt',
115 ],
116 ] );
117
118 $filename = $this->createFileOfSize( 100 );
119 $this->upload->initializePathInfo( basename( $filename ) . '.txt', $filename, 100 );
120 $result = $this->upload->verifyUpload();
121
122 $this->assertEquals(
123 [ 'status' => UploadBase::OK ],
124 $result
125 );
126 }
127
131 public function testCheckSvgScriptCallback( $svg, $wellFormed, $filterMatch, $message ) {
132 list( $formed, $match ) = $this->upload->checkSvgString( $svg );
133 $this->assertSame( $wellFormed, $formed, $message . " (well-formed)" );
134 $this->assertSame( $filterMatch, $match, $message . " (filter match)" );
135 }
136
137 public static function provideCheckSvgScriptCallback() {
138 // @codingStandardsIgnoreStart Generic.Files.LineLength
139 return [
140 // html5sec SVG vectors
141 [
142 '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
143 true,
144 true,
145 'Script tag in svg (http://html5sec.org/#47)'
146 ],
147 [
148 '<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>',
149 true,
150 true,
151 'SVG with onload property (http://html5sec.org/#11)'
152 ],
153 [
154 '<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>',
155 true,
156 true,
157 'SVG with onload property (http://html5sec.org/#65)'
158 ],
159 [
160 '<svg xmlns="http://www.w3.org/2000/svg"> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)"><rect width="1000" height="1000" fill="white"/></a> </svg>',
161 true,
162 true,
163 'SVG with javascript xlink (http://html5sec.org/#87)'
164 ],
165 [
166 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/> </svg>',
167 true,
168 true,
169 'SVG with Opera image xlink (http://html5sec.org/#88 - c)'
170 ],
171 [
172 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="javascript:alert(1)"/> </svg>',
173 true,
174 true,
175 'SVG with Opera animation xlink (http://html5sec.org/#88 - a)'
176 ],
177 [
178 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="data:text/xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
179 true,
180 true,
181 'SVG with Opera animation xlink (http://html5sec.org/#88 - b)'
182 ],
183 [
184 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="data:image/svg+xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
185 true,
186 true,
187 'SVG with Opera image xlink (http://html5sec.org/#88 - c)'
188 ],
189 [
190 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <foreignObject xlink:href="javascript:alert(1)"/> </svg>',
191 true,
192 true,
193 'SVG with Opera foreignObject xlink (http://html5sec.org/#88 - d)'
194 ],
195 [
196 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <foreignObject xlink:href="data:text/xml,%3Cscript xmlns=\'http://www.w3.org/1999/xhtml\'%3Ealert(1)%3C/script%3E"/> </svg>',
197 true,
198 true,
199 'SVG with Opera foreignObject xlink (http://html5sec.org/#88 - e)'
200 ],
201 [
202 '<svg xmlns="http://www.w3.org/2000/svg"> <set attributeName="onmouseover" to="alert(1)"/> </svg>',
203 true,
204 true,
205 'SVG with event handler set (http://html5sec.org/#89 - a)'
206 ],
207 [
208 '<svg xmlns="http://www.w3.org/2000/svg"> <animate attributeName="onunload" to="alert(1)"/> </svg>',
209 true,
210 true,
211 'SVG with event handler animate (http://html5sec.org/#89 - a)'
212 ],
213 [
214 '<svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler> </svg>',
215 true,
216 true,
217 'SVG with element handler (http://html5sec.org/#94)'
218 ],
219 [
220 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/> </feImage> </svg>',
221 true,
222 true,
223 'SVG with href to data: url (http://html5sec.org/#95)'
224 ],
225 [
226 '<svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>',
227 true,
228 true,
229 'SVG with Tiny handler (http://html5sec.org/#104)'
230 ],
231 [
232 '<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/> </svg>',
233 true,
234 true,
235 'SVG with new CSS styles properties (http://html5sec.org/#109)'
236 ],
237 [
238 '<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect clip-path="url(test3.svg#a)" /> </svg>',
239 true,
240 true,
241 'SVG with new CSS styles properties as attributes'
242 ],
243 [
244 '<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"> <rect fill="white" width="1000" height="1000"/> </a> <rect fill="url(http://html5sec.org/test3.svg#a)" /> </svg>',
245 true,
246 true,
247 'SVG with new CSS styles properties as attributes (2)'
248 ],
249 [
250 '<svg xmlns="http://www.w3.org/2000/svg"> <path d="M0,0" style="marker-start:url(test4.svg#a)"/> </svg>',
251 true,
252 true,
253 'SVG with path marker-start (http://html5sec.org/#110)'
254 ],
255 [
256 '<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]> <svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>',
257 false,
258 true,
259 'SVG with embedded stylesheet (http://html5sec.org/#125)'
260 ],
261 [
262 '<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>',
263 true,
264 true,
265 'SVG with embedded stylesheet no doctype'
266 ],
267 [
268 '<svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">alert(1)</handler> </svg>',
269 true,
270 true,
271 'SVG with handler attribute (http://html5sec.org/#127)'
272 ],
273 [
274 // Haven't found a browser that accepts this particular example, but we
275 // don't want to allow embeded svgs, ever
276 '<svg> <image style=\'filter:url("data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ/YWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg==")\' /> </svg>',
277 true,
278 true,
279 'SVG with image filter via style (http://html5sec.org/#129)'
280 ],
281 [
282 // This doesn't seem possible without embedding the svg, but just in case
283 '<svg> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"> <circle r="400"></circle> <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="" /> </a></svg>',
284 true,
285 true,
286 'SVG with animate from (http://html5sec.org/#137)'
287 ],
288 [
289 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <a><text y="1em">Click me</text> <animate attributeName="xlink:href" values="javascript:alert(\'Bang!\')" begin="0s" dur="0.1s" fill="freeze" /> </a></svg>',
290 true,
291 true,
292 'SVG with animate xlink:href (http://html5sec.org/#137)'
293 ],
294 [
295 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:y="http://www.w3.org/1999/xlink"> <a y:href="#"> <text y="1em">Click me</text> <animate attributeName="y:href" values="javascript:alert(\'Bang!\')" begin="0s" dur="0.1s" fill="freeze" /> </a> </svg>',
296 true,
297 true,
298 'SVG with animate y:href (http://html5sec.org/#137)'
299 ],
300
301 // Other hostile SVG's
302 [
303 '<?xml version="1.0" encoding="UTF-8" standalone="no"?> <svg xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="https://upload.wikimedia.org/wikipedia/commons/3/34/Bahnstrecke_Zeitz-Camburg_1930.png" /> </svg>',
304 true,
305 true,
306 'SVG with non-local image href (bug 65839)'
307 ],
308 [
309 '<?xml version="1.0" ?> <?xml-stylesheet type="text/xsl" href="/w/index.php?title=User:Jeeves/test.xsl&amp;action=raw&amp;format=xml" ?> <svg> <height>50</height> <width>100</width> </svg>',
310 true,
311 true,
312 'SVG with remote stylesheet (bug 57550)'
313 ],
314 [
315 '<svg xmlns="http://www.w3.org/2000/svg" viewbox="-1 -1 15 15"> <rect y="0" height="13" width="12" stroke="#179" rx="1" fill="#2ac"/> <text x="1.5" y="11" font-family="courier" stroke="white" font-size="16"><![CDATA[B]]></text> <iframe xmlns="http://www.w3.org/1999/xhtml" srcdoc="&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x27;&#x58;&#x53;&#x53;&#x45;&#x44;&#x20;&#x3D;&#x3E;&#x20;&#x44;&#x6F;&#x6D;&#x61;&#x69;&#x6E;&#x28;&#x27;&#x2B;&#x74;&#x6F;&#x70;&#x2E;&#x64;&#x6F;&#x63;&#x75;&#x6D;&#x65;&#x6E;&#x74;&#x2E;&#x64;&#x6F;&#x6D;&#x61;&#x69;&#x6E;&#x2B;&#x27;&#x29;&#x27;&#x29;&#x3B;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;"></iframe> </svg>',
316 true,
317 true,
318 'SVG with rembeded iframe (bug 60771)'
319 ],
320 [
321 '<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@import url("https://fonts.googleapis.com/css?family=Bitter:700&amp;text=WebPlatform.org");</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
322 true,
323 true,
324 'SVG with @import in style element (bug 69008)'
325 ],
326 [
327 '<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@import url("https://fonts.googleapis.com/css?family=Bitter:700&amp;text=WebPlatform.org");<foo/></style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
328 true,
329 true,
330 'SVG with @import in style element and child element (bug 69008#c11)'
331 ],
332 [
333 '<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@imporT "https://fonts.googleapis.com/css?family=Bitter:700&amp;text=WebPlatform.org";</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
334 true,
335 true,
336 'SVG with case-insensitive @import in style element (bug T85349)'
337 ],
338 [
339 '<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:url(https://www.google.com/images/srpr/logo11w.png)"/> </svg>',
340 true,
341 true,
342 'SVG with remote background image (bug 69008)'
343 ],
344 [
345 '<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:\55rl(https://www.google.com/images/srpr/logo11w.png)"/> </svg>',
346 true,
347 true,
348 'SVG with remote background image, encoded (bug 69008)'
349 ],
350 [
351 '<svg xmlns="http://www.w3.org/2000/svg"> <style> #a { background-image:\55rl(\'https://www.google.com/images/srpr/logo11w.png\'); } </style> <rect width="100" height="100" id="a"/> </svg>',
352 true,
353 true,
354 'SVG with remote background image, in style element (bug 69008)'
355 ],
356 [
357 // This currently doesn't seem to work in any browsers, but in case
358 // http://www.w3.org/TR/css3-images/ is implemented for SVG files
359 '<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:image(\'sprites.svg#xywh=40,0,20,20\')"/> </svg>',
360 true,
361 true,
362 'SVG with remote background image using image() (bug 69008)'
363 ],
364 [
365 // As reported by Cure53
366 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <a xlink:href="data:text/html;charset=utf-8;base64, PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D"> <circle r="400" fill="red"></circle> </a> </svg>',
367 true,
368 true,
369 'SVG with data:text/html link target (firefox only)'
370 ],
371 [
372 '<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!ENTITY lol "lol"> <!ENTITY lol2 "&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x27;&#x58;&#x53;&#x53;&#x45;&#x44;&#x20;&#x3D;&#x3E;&#x20;&#x27;&#x2B;&#x64;&#x6F;&#x63;&#x75;&#x6D;&#x65;&#x6E;&#x74;&#x2E;&#x64;&#x6F;&#x6D;&#x61;&#x69;&#x6E;&#x29;&#x3B;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;"> ]> <svg xmlns="http://www.w3.org/2000/svg" width="68" height="68" viewBox="-34 -34 68 68" version="1.1"> <circle cx="0" cy="0" r="24" fill="#c8c8c8"/> <text x="0" y="0" fill="black">&lol2;</text> </svg>',
373 false,
374 true,
375 'SVG with encoded script tag in internal entity (reported by Beyond Security)'
376 ],
377 [
378 '<?xml version="1.0"?> <!DOCTYPE svg [ <!ENTITY foo SYSTEM "file:///etc/passwd"> ]> <svg xmlns="http://www.w3.org/2000/svg" version="1.1"> <desc>&foo;</desc> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)" /> </svg>',
379 false,
380 false,
381 'SVG with external entity'
382 ],
383 [
384 // The base64 = <script>alert(1)</script>. If for some reason
385 // entities actually do get loaded, this should trigger
386 // filterMatch to be true. So this test verifies that we
387 // are not loading external entities.
388 '<?xml version="1.0"?> <!DOCTYPE svg [ <!ENTITY foo SYSTEM "data:text/plain;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pgo="> ]> <svg xmlns="http://www.w3.org/2000/svg" version="1.1"> <desc>&foo;</desc> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)" /> </svg>',
389 false,
390 false, /* False verifies entities aren't getting loaded */
391 'SVG with data: uri external entity'
392 ],
393 [
394 "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\"> <g> <a xlink:href=\"javascript:alert('1&#10;https://google.com')\"> <rect width=\"300\" height=\"100\" style=\"fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)\" /> </a> </g> </svg>",
395 true,
396 true,
397 'SVG with javascript <a> link with newline (T122653)'
398 ],
399 // Test good, but strange files that we want to allow
400 [
401 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <g> <a xlink:href="http://en.wikipedia.org/wiki/Main_Page"> <path transform="translate(0,496)" id="path6706" d="m 112.09375,107.6875 -5.0625,3.625 -4.3125,5.03125 -0.46875,0.5 -4.09375,3.34375 -9.125,5.28125 -8.625,-3.375 z" style="fill:#cccccc;fill-opacity:1;stroke:#6e6e6e;stroke-width:0.69999999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;display:inline" /> </a> </g> </svg>',
402 true,
403 false,
404 'SVG with <a> link to a remote site'
405 ],
406 [
407 '<svg> <defs> <filter id="filter6226" x="-0.93243687" width="2.8648737" y="-0.24250539" height="1.4850108"> <feGaussianBlur stdDeviation="3.2344681" id="feGaussianBlur6228" /> </filter> <clipPath id="clipPath2436"> <path d="M 0,0 L 0,0 L 0,0 L 0,0 z" id="path2438" /> </clipPath> </defs> <g clip-path="url(#clipPath2436)" id="g2460"> <text id="text2466"> <tspan>12345</tspan> </text> </g> <path style="fill:#346733;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:round;stroke-linejoin:bevel;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;filter:url(\'#filter6226\');fill-opacity:1;opacity:0.79807692" d="M 236.82371,332.63732 C 236.92217,332.63732 z" id="path5618" /> </svg>',
408 true,
409 false,
410 'SVG with local urls, including filter: in style'
411 ],
412 [
413 '<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE x [<!ATTLIST image x:href CDATA "data:image/png,foo" onerror CDATA "alert(\'XSSED = \'+document.domain)" onload CDATA "alert(\'XSSED = \'+document.domain)"> ]> <svg xmlns:h="http://www.w3.org/1999/xhtml" xmlns:x="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg"> <image /> </svg>',
414 false,
415 false,
416 'SVG with evil default attribute values'
417 ],
418 [
419 '<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg SYSTEM "data:application/xml-dtd;base64,PCFET0NUWVBFIHN2ZyBbPCFBVFRMSVNUIGltYWdlIHg6aHJlZiBDREFUQSAiZGF0YTppbWFnZS9wbmcsZm9vIiBvbmVycm9yIENEQVRBICJhbGVydCgnWFNTRUQgPSAnK2RvY3VtZW50LmRvbWFpbikiIG9ubG9hZCBDREFUQSAiYWxlcnQoJ1hTU0VEID0gJytkb2N1bWVudC5kb21haW4pIj4gXT4K"><svg xmlns:x="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg"> <image /> </svg>',
420 true,
421 true,
422 'SVG with an evil external dtd'
423 ],
424 [
425 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//FOO/bar" "http://example.com"><svg></svg>',
426 true,
427 true,
428 'SVG with random public doctype'
429 ],
430 [
431 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg SYSTEM \'http://example.com/evil.dtd\' ><svg></svg>',
432 true,
433 true,
434 'SVG with random SYSTEM doctype'
435 ],
436 [
437 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg [<!ENTITY % foo "bar" >] ><svg></svg>',
438 false,
439 false,
440 'SVG with parameter entity'
441 ],
442 [
443 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg [<!ENTITY foo "bar%a;" ] ><svg></svg>',
444 false,
445 false,
446 'SVG with entity referencing parameter entity'
447 ],
448 [
449 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg [<!ENTITY foo "bar0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"> ] ><svg></svg>',
450 false,
451 false,
452 'SVG with long entity'
453 ],
454 [
455 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg [<!ENTITY foo \'"Hi", said bob\'> ] ><svg><g>&foo;</g></svg>',
456 true,
457 false,
458 'SVG with apostrophe quote entity'
459 ],
460 [
461 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg [<!ENTITY name "Bob"><!ENTITY foo \'"Hi", said &name;.\'> ] ><svg><g>&foo;</g></svg>',
462 false,
463 false,
464 'SVG with recursive entity',
465 ],
466 [
467 '<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd" [ <!ATTLIST svg xmlns:xlink CDATA #FIXED "http://www.w3.org/1999/xlink"> ]> <svg width="417pt" height="366pt"
468 viewBox="0.00 0.00 417.00 366.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"></svg>',
469 true, /* well-formed */
470 false, /* filter-hit */
471 'GraphViz-esque svg with #FIXED xlink ns (Should be allowed)'
472 ],
473 [
474 '<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd" [ <!ATTLIST svg xmlns:xlink CDATA #FIXED "http://www.w3.org/1999/xlink2"> ]> <svg width="417pt" height="366pt"
475 viewBox="0.00 0.00 417.00 366.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"></svg>',
476 false,
477 false,
478 'GraphViz ATLIST exception should match exactly'
479 ],
480 [
481 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!-- Comment-here --> <!ENTITY foo "#ff6666">]><svg xmlns="http://www.w3.org/2000/svg"></svg>',
482 true,
483 false,
484 'DTD with comments (Should be allowed)'
485 ],
486 [
487 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!-- invalid--comment --> <!ENTITY foo "#ff6666">]><svg xmlns="http://www.w3.org/2000/svg"></svg>',
488 false,
489 false,
490 'DTD with invalid comment'
491 ],
492 [
493 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!-- invalid ---> <!ENTITY foo "#ff6666">]><svg xmlns="http://www.w3.org/2000/svg"></svg>',
494 false,
495 false,
496 'DTD with invalid comment 2'
497 ],
498 [
499 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!ENTITY bar "&foo;"> <!ENTITY foo "#ff6666">]><svg xmlns="http://www.w3.org/2000/svg"></svg>',
500 true,
501 false,
502 'DTD with aliased entities (Should be allowed)'
503 ],
504 [
505 '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!ENTITY bar \'&foo;\'> <!ENTITY foo \'#ff6666\'>]><svg xmlns="http://www.w3.org/2000/svg"></svg>',
506 true,
507 false,
508 'DTD with aliased entities apos (Should be allowed)'
509 ]
510 ];
511 // @codingStandardsIgnoreEnd
512 }
513
517 public function testCheckXMLEncodingMissmatch( $fileContents, $evil ) {
518 $filename = $this->getNewTempFile();
519 file_put_contents( $filename, $fileContents );
520 $this->assertSame( UploadBase::checkXMLEncodingMissmatch( $filename ), $evil );
521 }
522
523 public function provideCheckXMLEncodingMissmatch() {
524 return [
525 [ '<?xml version="1.0" encoding="utf-7"?><svg></svg>', true ],
526 [ '<?xml version="1.0" encoding="utf-8"?><svg></svg>', false ],
527 [ '<?xml version="1.0" encoding="WINDOWS-1252"?><svg></svg>', false ],
528 ];
529 }
530}
531
532class UploadTestHandler extends UploadBase {
533 public function initializeFromRequest( &$request ) {
534 }
535
536 public function testTitleValidation( $name ) {
537 $this->mTitle = false;
538 $this->mDesiredDestName = $name;
539 $this->mTitleError = UploadBase::OK;
540 $this->getTitle();
541
542 return $this->mTitleError;
543 }
544
550 public function checkSvgString( $svg ) {
551 $check = new XmlTypeCheck(
552 $svg,
553 [ $this, 'checkSvgScriptCallback' ],
554 false,
555 [
556 'processing_instruction_handler' => 'UploadBase::checkSvgPICallback',
557 'external_dtd_handler' => 'UploadBase::checkSvgExternalDTD'
558 ]
559 );
560 return [ $check->wellFormed, $check->filterMatch ];
561 }
562}
MediaWikiTestCase\getNewTempFile
getNewTempFile()
Obtains a new temporary file name.
Definition MediaWikiTestCase.php:433
MediaWikiTestCase\setMwGlobals
setMwGlobals( $pairs, $value=null)
Definition MediaWikiTestCase.php:640
UploadBaseTest\provideCheckSvgScriptCallback
static provideCheckSvgScriptCallback()
Definition UploadBaseTest.php:137
UploadBaseTest\createFileOfSize
createFileOfSize( $size)
Definition UploadBaseTest.php:95
UploadBaseTest\testTitleValidation
testTitleValidation( $srcFilename, $dstFilename, $code, $msg)
First checks the return code of UploadBase::getTitle() and then the actual returned title.
Definition UploadBaseTest.php:32
UploadBaseTest\testCheckSvgScriptCallback
testCheckSvgScriptCallback( $svg, $wellFormed, $filterMatch, $message)
provideCheckSvgScriptCallback
Definition UploadBaseTest.php:131
UploadBaseTest\testMaxUploadSize
testMaxUploadSize()
test uploading a 100 bytes file with $wgMaxUploadSize = 100
Definition UploadBaseTest.php:110
UploadBaseTest\testCheckXMLEncodingMissmatch
testCheckXMLEncodingMissmatch( $fileContents, $evil)
provideCheckXMLEncodingMissmatch
Definition UploadBaseTest.php:517
UploadBaseTest\testVerifyUpload
testVerifyUpload()
Test the upload verification functions UploadBase::verifyUpload.
Definition UploadBaseTest.php:85
UploadBaseTest\provideTestTitleValidation
static provideTestTitleValidation()
Test various forms of valid and invalid titles that can be supplied.
Definition UploadBaseTest.php:49
UploadBaseTest\$upload
UploadTestHandler $upload
Definition UploadBaseTest.php:9
UploadBase
UploadBase and subclasses are the backend of MediaWiki's file uploads.
Definition UploadBase.php:38
UploadBase\EMPTY_FILE
const EMPTY_FILE
Definition UploadBase.php:70
UploadBase\FILETYPE_MISSING
const FILETYPE_MISSING
Definition UploadBase.php:74
UploadBase\checkXMLEncodingMissmatch
static checkXMLEncodingMissmatch( $file)
Check a whitelist of xml encodings that are known not to be interpreted differently by the server's x...
Definition UploadBase.php:1295
UploadBase\getTitle
getTitle()
Returns the title of the file to be uploaded.
Definition UploadBase.php:800
UploadBase\ILLEGAL_FILENAME
const ILLEGAL_FILENAME
Definition UploadBase.php:72
UploadBase\MIN_LENGTH_PARTNAME
const MIN_LENGTH_PARTNAME
Definition UploadBase.php:71
UploadBase\FILENAME_TOO_LONG
const FILENAME_TOO_LONG
Definition UploadBase.php:80
UploadTestHandler\initializeFromRequest
initializeFromRequest(&$request)
Initialize from a WebRequest.
Definition UploadBaseTest.php:533
UploadTestHandler\checkSvgString
checkSvgString( $svg)
Almost the same as UploadBase::detectScriptInSvg, except it's public, works on an xml string instead ...
Definition UploadBaseTest.php:550
list
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition deferred.txt:11
$result
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. Return false to stop further processing of the tag $reader:XMLReader object $logInfo:Array of information 'ImportHandlePageXMLTag':When parsing a XML tag in a page. Return false to stop further processing of the tag $reader:XMLReader object & $pageInfo:Array of information 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. Return false to stop further processing of the tag $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. Return false to stop further processing of the tag $reader:XMLReader object 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. Return false to stop further processing of the tag $reader:XMLReader object $revisionInfo:Array of information 'ImportLogInterwikiLink':Hook to change the interwiki link used in log entries and edit summaries for transwiki imports. & $fullInterwikiPrefix:Interwiki prefix, may contain colons. & $pageTitle:String that contains page title. 'ImportSources':Called when reading from the $wgImportSources configuration variable. Can be used to lazy-load the import sources list. & $importSources:The value of $wgImportSources. Modify as necessary. See the comment in DefaultSettings.php for the detail of how to structure this array. 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. & $title:Title object for the current page & $request:WebRequest & $ignoreRedirect:boolean to skip redirect check & $target:Title/string of redirect target & $article:Article object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) & $article:article(object) being checked 'IsTrustedProxy':Override the result of IP::isTrustedProxy() & $ip:IP being check & $result:Change this value to override the result of IP::isTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of Sanitizer::validateEmail(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetMagic':DEPRECATED! Use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language & $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetSpecialPageAliases':DEPRECATED! Use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language & $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code:language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Associative array mapping language codes to prefixed links of the form "language:title". & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LanguageSelector':Hook to change the language selector available on a page. $out:The output page. $cssClassName:CSS class name of the language selector. 'LinkBegin':DEPRECATED! Use HtmlPageLinkRendererBegin instead. Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
Definition hooks.txt:1937
true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition hooks.txt:1950
$request
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2685
$name
Allows to change the fields on the form that will be generated $name
Definition hooks.txt:304
false
processing should stop and the error should be shown to the user * false
Definition hooks.txt:189
$code
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable & $code
Definition hooks.txt:887
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37