Issues in ExifBitmap.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/media/ExifBitmap.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Handler for bitmap images with exif metadata.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup Media
 */

/**
 * Stuff specific to JPEG and (built-in) TIFF handler.
 * All metadata related, since both JPEG and TIFF support Exif.
 *
 * @ingroup Media
 */
class ExifBitmapHandler extends BitmapHandler {
	const BROKEN_FILE = '-1'; // error extracting metadata
	const OLD_BROKEN_FILE = '0'; // outdated error extracting metadata.
	const SRGB_ICC_PROFILE_NAME = 'IEC 61966-2.1 Default RGB colour space - sRGB';

	function convertMetadataVersion( $metadata, $version = 1 ) {
		// basically flattens arrays.
		$version = intval( explode( ';', $version, 2 )[0] );
		if ( $version < 1 || $version >= 2 ) {
			return $metadata;
		}

		$avoidHtml = true;

		if ( !is_array( $metadata ) ) {
			$metadata = unserialize( $metadata );
		}
		if ( !isset( $metadata['MEDIAWIKI_EXIF_VERSION'] ) || $metadata['MEDIAWIKI_EXIF_VERSION'] != 2 ) {
			return $metadata;
		}

		// Treat Software as a special case because in can contain
		// an array of (SoftwareName, Version).
		if ( isset( $metadata['Software'] )
			&& is_array( $metadata['Software'] )
			&& is_array( $metadata['Software'][0] )
			&& isset( $metadata['Software'][0][0] )
			&& isset( $metadata['Software'][0][1] )
		) {
			$metadata['Software'] = $metadata['Software'][0][0] . ' (Version '
				. $metadata['Software'][0][1] . ')';
		}

		$formatter = new FormatMetadata;

		// ContactInfo also has to be dealt with specially
		if ( isset( $metadata['Contact'] ) ) {
			$metadata['Contact'] =
				$formatter->collapseContactInfo(
					$metadata['Contact'] );
		}

		foreach ( $metadata as &$val ) {
			if ( is_array( $val ) ) {
				$val = $formatter->flattenArrayReal( $val, 'ul', $avoidHtml );
			}
		}
		$metadata['MEDIAWIKI_EXIF_VERSION'] = 1;

		return $metadata;
	}

	/**
	 * @param File $image
	 * @param array $metadata
	 * @return bool|int
	 */
	function isMetadataValid( $image, $metadata ) {
		global $wgShowEXIF;
		if ( !$wgShowEXIF ) {
			# Metadata disabled and so an empty field is expected
			return self::METADATA_GOOD;
		}
		if ( $metadata === self::OLD_BROKEN_FILE ) {
			# Old special value indicating that there is no Exif data in the file.
			# or that there was an error well extracting the metadata.
			wfDebug( __METHOD__ . ": back-compat version\n" );

			return self::METADATA_COMPATIBLE;
		}
		if ( $metadata === self::BROKEN_FILE ) {
			return self::METADATA_GOOD;
		}
		MediaWiki\suppressWarnings();
		$exif = unserialize( $metadata );
		MediaWiki\restoreWarnings();
		if ( !isset( $exif['MEDIAWIKI_EXIF_VERSION'] )
			|| $exif['MEDIAWIKI_EXIF_VERSION'] != Exif::version()
		) {
			if ( isset( $exif['MEDIAWIKI_EXIF_VERSION'] )
				&& $exif['MEDIAWIKI_EXIF_VERSION'] == 1
			) {
				// back-compatible but old
				wfDebug( __METHOD__ . ": back-compat version\n" );

				return self::METADATA_COMPATIBLE;
			}
			# Wrong (non-compatible) version
			wfDebug( __METHOD__ . ": wrong version\n" );

			return self::METADATA_BAD;
		}

		return self::METADATA_GOOD;
	}

	/**
	 * @param File $image
	 * @param bool|IContextSource $context Context to use (optional)
	 * @return array|bool
	 */
	function formatMetadata( $image, $context = false ) {
		$meta = $this->getCommonMetaArray( $image );
		if ( count( $meta ) === 0 ) {
			return false;
		}

		return $this->formatMetadataHelper( $meta, $context );
	}

	public function getCommonMetaArray( File $file ) {
		$metadata = $file->getMetadata();
		if ( $metadata === self::OLD_BROKEN_FILE
			|| $metadata === self::BROKEN_FILE
			|| $this->isMetadataValid( $file, $metadata ) === self::METADATA_BAD
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
		) {
			// So we don't try and display metadata from PagedTiffHandler
			// for example when using InstantCommons.
			return [];
		}

		$exif = unserialize( $metadata );
		if ( !$exif ) {
			return [];
		}
		unset( $exif['MEDIAWIKI_EXIF_VERSION'] );

		return $exif;
	}

	function getMetadataType( $image ) {
		return 'exif';
	}

	/**
	 * Wrapper for base classes ImageHandler::getImageSize() that checks for
	 * rotation reported from metadata and swaps the sizes to match.
	 *
	 * @param File|FSFile $image
	 * @param string $path
	 * @return array
	 */
	function getImageSize( $image, $path ) {
		$gis = parent::getImageSize( $image, $path );

		// Don't just call $image->getMetadata(); FSFile::getPropsFromPath() calls us with a bogus object.
		// This may mean we read EXIF data twice on initial upload.
		if ( $this->autoRotateEnabled() ) {
			$meta = $this->getMetadata( $image, $path );
			$rotation = $this->getRotationForExif( $meta );
		} else {
			$rotation = 0;
		}

		if ( $rotation == 90 || $rotation == 270 ) {
			$width = $gis[0];
			$gis[0] = $gis[1];
			$gis[1] = $width;
		}

		return $gis;
	}

	/**
	 * On supporting image formats, try to read out the low-level orientation
	 * of the file and return the angle that the file needs to be rotated to
	 * be viewed.
	 *
	 * This information is only useful when manipulating the original file;
	 * the width and height we normally work with is logical, and will match
	 * any produced output views.
	 *
	 * @param File $file
	 * @return int 0, 90, 180 or 270
	 */
	public function getRotation( $file ) {
		if ( !$this->autoRotateEnabled() ) {
			return 0;
		}

		$data = $file->getMetadata();

		return $this->getRotationForExif( $data );
	}

	/**
	 * Given a chunk of serialized Exif metadata, return the orientation as
	 * degrees of rotation.
	 *
	 * @param string $data
	 * @return int 0, 90, 180 or 270
	 * @todo FIXME: Orientation can include flipping as well; see if this is an issue!
	 */
	protected function getRotationForExif( $data ) {
		if ( !$data ) {
			return 0;
		}
		MediaWiki\suppressWarnings();
		$data = unserialize( $data );
		MediaWiki\restoreWarnings();
		if ( isset( $data['Orientation'] ) ) {
			# See http://sylvana.net/jpegcrop/exif_orientation.html
			switch ( $data['Orientation'] ) {
				case 8:
					return 90;
				case 3:
					return 180;
				case 6:
					return 270;
				default:
					return 0;
			}
		}

		return 0;
	}

	protected function transformImageMagick( $image, $params ) {
		global $wgUseTinyRGBForJPGThumbnails;

		$ret = parent::transformImageMagick( $image, $params );

		if ( $ret ) {
			return $ret;
		}

		if ( $params['mimeType'] === 'image/jpeg' && $wgUseTinyRGBForJPGThumbnails ) {
			// T100976 If the profile embedded in the JPG is sRGB, swap it for the smaller
			// (and free) TinyRGB

			$this->swapICCProfile(
				$params['dstPath'],
				self::SRGB_ICC_PROFILE_NAME,
				realpath( __DIR__ ) . '/tinyrgb.icc'
			);
		}

		return false;
	}

	/**
	 * Swaps an embedded ICC profile for another, if found.
	 * Depends on exiftool, no-op if not installed.
	 * @param string $filepath File to be manipulated (will be overwritten)
	 * @param string $oldProfileString Exact name of color profile to look for
	 *  (the one that will be replaced)
	 * @param string $profileFilepath ICC profile file to apply to the file
	 * @since 1.26
	 * @return bool
	 */
	public function swapICCProfile( $filepath, $oldProfileString, $profileFilepath ) {
		global $wgExiftool;

		if ( !$wgExiftool || !is_executable( $wgExiftool ) ) {
			return false;
		}

		$cmd = wfEscapeShellArg( $wgExiftool,
			'-DeviceModelDesc',
			'-S',
			'-T',
			$filepath
		);

		$output = wfShellExecWithStderr( $cmd, $retval );

		if ( $retval !== 0 || strcasecmp( trim( $output ), $oldProfileString ) !== 0 ) {
			// We can't establish that this file has the expected ICC profile, don't process it
			return false;
		}

		$cmd = wfEscapeShellArg( $wgExiftool,
			'-overwrite_original',
			'-icc_profile<=' . $profileFilepath,
			$filepath
		);

		$output = wfShellExecWithStderr( $cmd, $retval );

		if ( $retval !== 0 ) {
			$this->logErrorForExternalProcess( $retval, $output, $cmd );

			return false;
		}

		return true;
	}
}


1		<?php
2		/**
3		* Handler for bitmap images with exif metadata.
4		*
5		* This program is free software; you can redistribute it and/or modify
6		* it under the terms of the GNU General Public License as published by
7		* the Free Software Foundation; either version 2 of the License, or
8		* (at your option) any later version.
9		*
10		* This program is distributed in the hope that it will be useful,
11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		* GNU General Public License for more details.
14		*
15		* You should have received a copy of the GNU General Public License along
16		* with this program; if not, write to the Free Software Foundation, Inc.,
17		* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18		* http://www.gnu.org/copyleft/gpl.html
19		*
20		* @file
21		* @ingroup Media
22		*/
23
24		/**
25		* Stuff specific to JPEG and (built-in) TIFF handler.
26		* All metadata related, since both JPEG and TIFF support Exif.
27		*
28		* @ingroup Media
29		*/
30		class ExifBitmapHandler extends BitmapHandler {
31		const BROKEN_FILE = '-1'; // error extracting metadata
32		const OLD_BROKEN_FILE = '0'; // outdated error extracting metadata.
33		const SRGB_ICC_PROFILE_NAME = 'IEC 61966-2.1 Default RGB colour space - sRGB';
34
35		function convertMetadataVersion( $metadata, $version = 1 ) {
36		// basically flattens arrays.
37		$version = intval( explode( ';', $version, 2 )[0] );
38		if ( $version < 1 \|\| $version >= 2 ) {
39		return $metadata;
40		}
41
42		$avoidHtml = true;
43
44		if ( !is_array( $metadata ) ) {
45		$metadata = unserialize( $metadata );
46		}
47		if ( !isset( $metadata['MEDIAWIKI_EXIF_VERSION'] ) \|\| $metadata['MEDIAWIKI_EXIF_VERSION'] != 2 ) {
48		return $metadata;
49		}
50
51		// Treat Software as a special case because in can contain
52		// an array of (SoftwareName, Version).
53		if ( isset( $metadata['Software'] )
54		&& is_array( $metadata['Software'] )
55		&& is_array( $metadata['Software'][0] )
56		&& isset( $metadata['Software'][0][0] )
57		&& isset( $metadata['Software'][0][1] )
58		) {
59		$metadata['Software'] = $metadata['Software'][0][0] . ' (Version '
60		. $metadata['Software'][0][1] . ')';
61		}
62
63		$formatter = new FormatMetadata;
64
65		// ContactInfo also has to be dealt with specially
66		if ( isset( $metadata['Contact'] ) ) {
67		$metadata['Contact'] =
68		$formatter->collapseContactInfo(
69		$metadata['Contact'] );
70		}
71
72		foreach ( $metadata as &$val ) {
73		if ( is_array( $val ) ) {
74		$val = $formatter->flattenArrayReal( $val, 'ul', $avoidHtml );
75		}
76		}
77		$metadata['MEDIAWIKI_EXIF_VERSION'] = 1;
78
79		return $metadata;
80		}
81
82		/**
83		* @param File $image
84		* @param array $metadata
85		* @return bool\|int
86		*/
87		function isMetadataValid( $image, $metadata ) {
88		global $wgShowEXIF;
89		if ( !$wgShowEXIF ) {
90		# Metadata disabled and so an empty field is expected
91		return self::METADATA_GOOD;
92		}
93		if ( $metadata === self::OLD_BROKEN_FILE ) {
94		# Old special value indicating that there is no Exif data in the file.
95		# or that there was an error well extracting the metadata.
96		wfDebug( __METHOD__ . ": back-compat version\n" );
97
98		return self::METADATA_COMPATIBLE;
99		}
100		if ( $metadata === self::BROKEN_FILE ) {
101		return self::METADATA_GOOD;
102		}
103		MediaWiki\suppressWarnings();
104		$exif = unserialize( $metadata );
105		MediaWiki\restoreWarnings();
106		if ( !isset( $exif['MEDIAWIKI_EXIF_VERSION'] )
107		\|\| $exif['MEDIAWIKI_EXIF_VERSION'] != Exif::version()
108		) {
109		if ( isset( $exif['MEDIAWIKI_EXIF_VERSION'] )
110		&& $exif['MEDIAWIKI_EXIF_VERSION'] == 1
111		) {
112		// back-compatible but old
113		wfDebug( __METHOD__ . ": back-compat version\n" );
114
115		return self::METADATA_COMPATIBLE;
116		}
117		# Wrong (non-compatible) version
118		wfDebug( __METHOD__ . ": wrong version\n" );
119
120		return self::METADATA_BAD;
121		}
122
123		return self::METADATA_GOOD;
124		}
125
126		/**
127		* @param File $image
128		* @param bool\|IContextSource $context Context to use (optional)
129		* @return array\|bool
130		*/
131	View Code Duplication	function formatMetadata( $image, $context = false ) {
132		$meta = $this->getCommonMetaArray( $image );
133		if ( count( $meta ) === 0 ) {
134		return false;
135		}
136
137		return $this->formatMetadataHelper( $meta, $context );
138		}
139
140		public function getCommonMetaArray( File $file ) {
141		$metadata = $file->getMetadata();
142		if ( $metadata === self::OLD_BROKEN_FILE
143		\|\| $metadata === self::BROKEN_FILE
144		\|\| $this->isMetadataValid( $file, $metadata ) === self::METADATA_BAD
		0 ignored issues – show Bug introduced 2016-07-22 17:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$metadata` defined by `$file->getMetadata()` on line `141` can also be of type `boolean`; however, `ExifBitmapHandler::isMetadataValid()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
145		) {
146		// So we don't try and display metadata from PagedTiffHandler
147		// for example when using InstantCommons.
148		return [];
149		}
150
151		$exif = unserialize( $metadata );
152		if ( !$exif ) {
153		return [];
154		}
155		unset( $exif['MEDIAWIKI_EXIF_VERSION'] );
156
157		return $exif;
158		}
159
160		function getMetadataType( $image ) {
161		return 'exif';
162		}
163
164		/**
165		* Wrapper for base classes ImageHandler::getImageSize() that checks for
166		* rotation reported from metadata and swaps the sizes to match.
167		*
168		* @param File\|FSFile $image
169		* @param string $path
170		* @return array
171		*/
172		function getImageSize( $image, $path ) {
173		$gis = parent::getImageSize( $image, $path );
174
175		// Don't just call $image->getMetadata(); FSFile::getPropsFromPath() calls us with a bogus object.
176		// This may mean we read EXIF data twice on initial upload.
177		if ( $this->autoRotateEnabled() ) {
178		$meta = $this->getMetadata( $image, $path );
179		$rotation = $this->getRotationForExif( $meta );
180		} else {
181		$rotation = 0;
182		}
183
184		if ( $rotation == 90 \|\| $rotation == 270 ) {
185		$width = $gis[0];
186		$gis[0] = $gis[1];
187		$gis[1] = $width;
188		}
189
190		return $gis;
191		}
192
193		/**
194		* On supporting image formats, try to read out the low-level orientation
195		* of the file and return the angle that the file needs to be rotated to
196		* be viewed.
197		*
198		* This information is only useful when manipulating the original file;
199		* the width and height we normally work with is logical, and will match
200		* any produced output views.
201		*
202		* @param File $file
203		* @return int 0, 90, 180 or 270
204		*/
205		public function getRotation( $file ) {
206		if ( !$this->autoRotateEnabled() ) {
207		return 0;
208		}
209
210		$data = $file->getMetadata();
211
212		return $this->getRotationForExif( $data );
213		}
214
215		/**
216		* Given a chunk of serialized Exif metadata, return the orientation as
217		* degrees of rotation.
218		*
219		* @param string $data
220		* @return int 0, 90, 180 or 270
221		* @todo FIXME: Orientation can include flipping as well; see if this is an issue!
222		*/
223		protected function getRotationForExif( $data ) {
224		if ( !$data ) {
225		return 0;
226		}
227		MediaWiki\suppressWarnings();
228		$data = unserialize( $data );
229		MediaWiki\restoreWarnings();
230		if ( isset( $data['Orientation'] ) ) {
231		# See http://sylvana.net/jpegcrop/exif_orientation.html
232		switch ( $data['Orientation'] ) {
233		case 8:
234		return 90;
235		case 3:
236		return 180;
237		case 6:
238		return 270;
239		default:
240		return 0;
241		}
242		}
243
244		return 0;
245		}
246
247		protected function transformImageMagick( $image, $params ) {
248		global $wgUseTinyRGBForJPGThumbnails;
249
250		$ret = parent::transformImageMagick( $image, $params );
251
252		if ( $ret ) {
253		return $ret;
254		}
255
256		if ( $params['mimeType'] === 'image/jpeg' && $wgUseTinyRGBForJPGThumbnails ) {
257		// T100976 If the profile embedded in the JPG is sRGB, swap it for the smaller
258		// (and free) TinyRGB
259
260		$this->swapICCProfile(
261		$params['dstPath'],
262		self::SRGB_ICC_PROFILE_NAME,
263		realpath( __DIR__ ) . '/tinyrgb.icc'
264		);
265		}
266
267		return false;
268		}
269
270		/**
271		* Swaps an embedded ICC profile for another, if found.
272		* Depends on exiftool, no-op if not installed.
273		* @param string $filepath File to be manipulated (will be overwritten)
274		* @param string $oldProfileString Exact name of color profile to look for
275		* (the one that will be replaced)
276		* @param string $profileFilepath ICC profile file to apply to the file
277		* @since 1.26
278		* @return bool
279		*/
280		public function swapICCProfile( $filepath, $oldProfileString, $profileFilepath ) {
281		global $wgExiftool;
282
283		if ( !$wgExiftool \|\| !is_executable( $wgExiftool ) ) {
284		return false;
285		}
286
287		$cmd = wfEscapeShellArg( $wgExiftool,
288		'-DeviceModelDesc',
289		'-S',
290		'-T',
291		$filepath
292		);
293
294		$output = wfShellExecWithStderr( $cmd, $retval );
295
296		if ( $retval !== 0 \|\| strcasecmp( trim( $output ), $oldProfileString ) !== 0 ) {
297		// We can't establish that this file has the expected ICC profile, don't process it
298		return false;
299		}
300
301		$cmd = wfEscapeShellArg( $wgExiftool,
302		'-overwrite_original',
303		'-icc_profile<=' . $profileFilepath,
304		$filepath
305		);
306
307		$output = wfShellExecWithStderr( $cmd, $retval );
308
309		if ( $retval !== 0 ) {
310		$this->logErrorForExternalProcess( $retval, $output, $cmd );
311
312		return false;
313		}
314
315		return true;
316		}
317		}
318

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/media/ExifBitmap.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like