|
@@ 1514-1521 (lines=8) @@
|
| 1511 |
|
&& strpos( $value, 'data:' ) !== 0 |
| 1512 |
|
&& strpos( $value, '#' ) !== 0 |
| 1513 |
|
) { |
| 1514 |
|
if ( !( $strippedElement === 'a' |
| 1515 |
|
&& preg_match( '!^https?://!i', $value ) ) |
| 1516 |
|
) { |
| 1517 |
|
wfDebug( __METHOD__ . ": Found href attribute <$strippedElement " |
| 1518 |
|
. "'$attrib'='$value' in uploaded file.\n" ); |
| 1519 |
|
|
| 1520 |
|
return [ 'uploaded-href-attribute-svg', $strippedElement, $attrib, $value ]; |
| 1521 |
|
} |
| 1522 |
|
} |
| 1523 |
|
|
| 1524 |
|
# only allow data: targets that should be safe. This prevents vectors like, |
|
@@ 1532-1536 (lines=5) @@
|
| 1529 |
|
$parameters = '(?>;[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+=(?>[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+|"(?>[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|\\\\[\0-\x7f])*"))*(?:;base64)?'; |
| 1530 |
|
// @codingStandardsIgnoreEnd |
| 1531 |
|
|
| 1532 |
|
if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) { |
| 1533 |
|
wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri " |
| 1534 |
|
. "\"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" ); |
| 1535 |
|
return [ 'uploaded-href-unsafe-target-svg', $strippedElement, $attrib, $value ]; |
| 1536 |
|
} |
| 1537 |
|
} |
| 1538 |
|
|
| 1539 |
|
# Change href with animate from (http://html5sec.org/#137). |
wikimedia /
mediawiki
