|
@@ 1493-1500 (lines=8) @@
|
| 1490 |
|
&& strpos( $value, 'data:' ) !== 0 |
| 1491 |
|
&& strpos( $value, '#' ) !== 0 |
| 1492 |
|
) { |
| 1493 |
|
if ( !( $strippedElement === 'a' |
| 1494 |
|
&& preg_match( '!^https?://!i', $value ) ) |
| 1495 |
|
) { |
| 1496 |
|
wfDebug( __METHOD__ . ": Found href attribute <$strippedElement " |
| 1497 |
|
. "'$attrib'='$value' in uploaded file.\n" ); |
| 1498 |
|
|
| 1499 |
|
return [ 'uploaded-href-attribute-svg', $strippedElement, $attrib, $value ]; |
| 1500 |
|
} |
| 1501 |
|
} |
| 1502 |
|
|
| 1503 |
|
# only allow data: targets that should be safe. This prevents vectors like, |
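Review bot: The `data:` exemption at 1490, `strpos( $value, 'data:' ) !== 0`, is case-sensitive, so an href such as `DATA:image/png,...` is not exempted here and instead falls through to the check at 1493, where it is rejected unless it is an http(s) link on an `<a>` element. That is the fail-safe direction, but nothing in the code says so, and the comment at 1503 suggests a separate `data:` branch follows, so a reader may assume the two are meant to match; a comment on 1490 would make the asymmetry deliberate: `// case-sensitive: an upper-case 'DATA:' href is not exempted here and is rejected by the href check below (fail-safe)`. The `if` whose condition continues at 1490-1492 opens before this hunk.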
|
@@ 1511-1515 (lines=5) @@
|
| 1508 |
|
$parameters = '(?>;[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+=(?>[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+|"(?>[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|\\\\[\0-\x7f])*"))*(?:;base64)?'; |
| 1509 |
|
// @codingStandardsIgnoreEnd |
| 1510 |
|
|
| 1511 |
|
if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) { |
| 1512 |
|
wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri " |
| 1513 |
|
. "\"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" ); |
| 1514 |
|
return [ 'uploaded-href-unsafe-target-svg', $strippedElement, $attrib, $value ]; |
| 1515 |
|
} |
| 1516 |
|
} |
| 1517 |
|
|
| 1518 |
|
# Change href with animate from (http://html5sec.org/#137). |
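Review bot: The debug message at 1512-1513 writes the full `$value` into the log, and for a rejected `data:` URI that can be a very large base64 payload; the literal `...` already appended to the message suggests a truncated excerpt was intended, e.g. `. "\"<$strippedElement '$attrib'='" . substr( $value, 0, 100 ) . "'...\" in uploaded file.\n" );`. The same applies to the href message at 1496-1497 in the previous hunk. It would also be worth a one-line comment above 1511 that a `preg_match` failure (`false`, for instance on hitting the backtrack limit with a very long URI) lands in the same reject branch, so the check fails closed. The enclosing `if` block opens before this hunk and closes at 1516.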