|
@@ 1425-1432 (lines=8) @@
|
| 1422 |
|
&& strpos( $value, 'data:' ) !== 0 |
| 1423 |
|
&& strpos( $value, '#' ) !== 0 |
| 1424 |
|
) { |
| 1425 |
|
if ( !( $strippedElement === 'a' |
| 1426 |
|
&& preg_match( '!^https?://!im', $value ) ) |
| 1427 |
|
) { |
| 1428 |
|
wfDebug( __METHOD__ . ": Found href attribute <$strippedElement " |
| 1429 |
|
. "'$attrib'='$value' in uploaded file.\n" ); |
| 1430 |
|
|
| 1431 |
|
return [ 'uploaded-href-attribute-svg', $strippedElement, $attrib, $value ]; |
| 1432 |
|
} |
| 1433 |
|
} |
| 1434 |
|
|
| 1435 |
|
# only allow data: targets that should be safe. This prevents vectors like, |
|
@@ 1443-1447 (lines=5) @@
|
| 1440 |
|
$parameters = '(?>;[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+=(?>[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+|"(?>[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|\\\\[\0-\x7f])*"))*(?:;base64)?'; |
| 1441 |
|
// @codingStandardsIgnoreEnd |
| 1442 |
|
|
| 1443 |
|
if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) { |
| 1444 |
|
wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri " |
| 1445 |
|
. "\"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" ); |
| 1446 |
|
return [ 'uploaded-href-unsafe-target-svg', $strippedElement, $attrib, $value ]; |
| 1447 |
|
} |
| 1448 |
|
} |
| 1449 |
|
|
| 1450 |
|
# Change href with animate from (http://html5sec.org/#137). |
wikimedia /
mediawiki
