* Introduce MSCompoundFileReader, which reads the CFB directory and
  detects the file type from well-known names in the root directory.
* Do not detect a ZIP file if the EOCDR is not at the end. Other
  containers, especially CFB files, may contain ZIP files embedded
  within them in the last 64KB, but this is not a security concern
  unless the EOCDR is exactly at the end of the file.
Bug: T40432
Change-Id: Id5b1a258ccf3c3c8951e32f6b7a5b1bafe941082
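
The end-of-file rule from the second bullet, as an added example in Python; it is not MediaWiki's code. The names find_terminal_eocdr, classify and make_zip are hypothetical, the CFB test is reduced to the header magic, and all sample blobs are constructed in memory.

```python
import io
import struct
import zipfile

EOCDR_SIG = b"PK\x05\x06"   # end-of-central-directory record signature
EOCDR_MIN = 22              # fixed part of the record, before the comment
MAX_COMMENT = 0xFFFF        # comment length is a 16-bit field
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file header


def find_terminal_eocdr(data: bytes):
    """Offset of an EOCDR whose comment runs exactly to EOF, else None."""
    lo = max(0, len(data) - (EOCDR_MIN + MAX_COMMENT))
    pos = data.rfind(EOCDR_SIG, lo)
    while pos != -1:
        if pos + EOCDR_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCDR_MIN + comment_len == len(data):
                return pos
        # Keep scanning backwards: an earlier signature may be the real one.
        pos = data.rfind(EOCDR_SIG, lo, pos + 3)
    return None


def classify(data: bytes) -> str:
    """Hypothetical detector: ZIP only when the EOCDR closes the file."""
    if find_terminal_eocdr(data) is not None:
        return "zip"
    if data.startswith(CFB_MAGIC):
        return "cfb"
    return "unknown"


def make_zip(comment: bytes = b"") -> bytes:
    """Constructed sample: a one-member archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "constructed sample")
        zf.comment = comment
    return buf.getvalue()


if __name__ == "__main__":
    z = make_zip()
    samples = {
        "plain zip": z,
        "zip with comment": make_zip(b"note"),
        "zip inside cfb, padded": CFB_MAGIC + bytes(504) + z + bytes(512),
        "zip appended to cfb": CFB_MAGIC + bytes(504) + z,
    }
    for name, blob in samples.items():
        print(f"{name:24} -> {classify(blob)}")
```

The last sample is the case the commit message singles out: a CFB header followed by an archive whose EOCDR ends exactly at the end of the file, which is still reported as ZIP.
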
We were creating the `<g>` element without specifying a namespace,
which caused the library to add `xmlns` attributes with the document's
default SVG namespace to elements that we appended underneath it.
(At least, that's what I think was happening.)
Specify the SVG namespace when creating it to avoid the mess and
reduce resulting file size.
Change-Id: Ida27494aeae9dece16f878c16cf9aa582e6deac3
While it shouldn't be causing any rendering problems,
doing so is semantically incorrect.
Bug: T213507
Change-Id: Ic86cd2bf3028eb24ad60db7ffa9498dd86edd4a5
This allows variables defined in an outer context to be used in inner
contexts. For example:
    <h2>{{foo}}</h2>
    <ul>
    {{#things}}
    <!-- bar is a property of each thing, foo is an outer variable -->
    <li>{{foo}} is a {{bar}}</li>
    {{/things}}
    </ul>
Bug: T203209
Change-Id: Ib0ae0fb0b4be6b161f548c79db6fb6f4b831f7c1
As it's quite common that extensions and skins interact with each other, it's
useful to have a simple way to check if an extension version satisfies a
given constraint, as extensions change over time.
Bug: T202955
Change-Id: I19f9713caf89d647072a2bd7d598e739be383f4a
Previously, we handled categorization changes using wrong assumptions
- that rc_cur_id refers to the parent category. Instead, it refers to
the child page.
Change-Id: I40e886c3548ccca57db7ab83f14ec4dcd804cf2f
Bug: T201216
Bug https://github.com/blazegraph/database/issues/100 happens on DELETE/INSERT
but not on separate delete and insert; try to work around it.
Change-Id: Iba6a98dde6f4bea9051cd6dee91fb19db5eca10e
Bug: T201217
The viewBox attribute of the <svg> element allows both whitespace and
commas to be used as field separators.
https://www.w3.org/TR/SVG/coords.html#ViewBoxAttribute
Bug: T194192
Change-Id: Iae9be3e4fad3a8ffa411d7a76eee2f20cc39b718
The JSON specification permits duplicate keys, but doing so is almost
always nearly a mistake.
We can use the JSON lint library (added as
dev-requirement to composer), which is now also used to decode the
JSON (as it's the same step as validating the JSON).
Bug: T153507
Change-Id: Ia713a1906169333c1aa2aebdc0ed060d26428d72
readFromQueue() injects the content of AutoloadClasses to
$wgAutoloadClasses; however, it missed doing the same for
AutoloadNamespaces.
When using the installer with an extension having AutoloadNamespaces
set, its classes would not be found.
Make ExtensionRegistry append to AutoLoader::$psr4Namespaces, and add
a test to cover the new behavior.
Bug: T195783
Change-Id: Id61155867a4ca7d9bc4a347f8671da74b0fa490b
If the "url" field in extension.json is pointing to mediawiki.org,
perform some extra validation steps:
* Require HTTPS
* Require the `www.mediawiki.org` canonical domain
Change-Id: I3371443d3f6c76f53437adf90a700969bba7d0e7
This was previously covered implicitly by an unrelated test.
Change that test (dependency.less) to use ../ to access the file
directly so that that test case is only about tracking dependencies
and testing the parser.
Then, add a second case that tests the use of import dirs.
Bug: T140807
Change-Id: Ie85abffe313922c03b3e146422f36b1d6a79743d
This script creates SPARQL UPDATE statements for changes in a given time
period. These statements can be applied to an existing database to
update it.
See tests for examples of what the statements look like.
Bug: T173774
Change-Id: I9867ad566c0619b55a48a011bd3c55321b1bfcff
SPDX released version 3 of their license list (<https://spdx.org/licenses/>),
which changed the FSF licenses to explicitly end in -only or -or-later
instead of relying on an easy to miss + symbol.
Bug: T183858
Change-Id: I4cbb98ea2bbacf46a57401dbba2bdb076fca1d3a
One of the skip-over loops was missing an feof() check and could
cause infinite loops.
Includes test file created by truncating a tiny tiny .jpeg at
the right place...
With the fix, it doesn't loop but dies on an exception, which
is good!
Bug: T184048
Change-Id: Ica13d6b68c3c12f7ce414edd081bf0886714e465
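
The failure mode described above, as an added example in Python; it is not the MediaWiki code. A marker skip-over loop is routed through a read helper that checks for end of input, so a truncated file raises instead of spinning. The names TruncatedJpeg, read_exact, list_segments and scan are hypothetical, SAMPLE is constructed, and standalone markers before SOS are not handled.

```python
import io
import struct


class TruncatedJpeg(Exception):
    """Raised when the stream ends before the structure is complete."""


def read_exact(fh, n):
    data = fh.read(n)
    if len(data) != n:  # the EOF check: a short read means truncation
        raise TruncatedJpeg(f"wanted {n} bytes, got {len(data)}")
    return data


def list_segments(fh):
    """Return [(marker, payload_len)] up to EOI or SOS."""
    if read_exact(fh, 2) != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    segments = []
    while True:
        # Skip-over loop: discard bytes until the 0xFF that opens a marker,
        # then any 0xFF fill bytes. A bare fh.read(1) returns b"" at EOF,
        # never equals 0xFF, and would spin here forever.
        byte = read_exact(fh, 1)
        while byte != b"\xff":
            byte = read_exact(fh, 1)
        while byte == b"\xff":
            byte = read_exact(fh, 1)
        marker = byte[0]
        if marker == 0xD9:  # EOI
            return segments
        (size,) = struct.unpack(">H", read_exact(fh, 2))
        if size < 2:
            raise ValueError(f"bad length in segment 0x{marker:02X}")
        read_exact(fh, size - 2)  # skip the payload
        segments.append((marker, size - 2))
        if marker == 0xDA:  # SOS: entropy-coded data follows
            return segments


def scan(blob: bytes):
    """Segments for a complete file, or the string 'truncated'."""
    try:
        return list_segments(io.BytesIO(blob))
    except TruncatedJpeg:
        return "truncated"


# Constructed sample: SOI, APP0 (JFIF), COM, EOI.
SAMPLE = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00"
          + bytes(9) + b"\xff\xfe" + struct.pack(">H", 9) + b"comment"
          + b"\xff\xd9")
```
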
Removing unnecessary XML declaration prolog when embedding SVGs
as data URI and adding more complex elements & attributes to test.
Bug: T175318
Change-Id: Ibec8c2ab498554a6ad33b4420ae6258dcc80fcdf
Recursive partials are the only way to handle tree-like structures
such as nested lists. Allow setting FLAG_RUNTIMEPARTIAL in LightnCandy
so they can be used.
Since this has a slight performance impact (makes partial invocations
evaluation-time function calls instead of compilation-time transclusions),
make it optional.
Change-Id: Ie37105a9f1ff92e1a79bfcd9f8578965e3d347f0
Using names that match real OOjs UI icons is confusing when trying to
find usages of the real icons and when debugging the tests.
Bug: T166730
Change-Id: Ibb97c0347476efc95f1a50c97822d7dab19737f2
Replaces \TestingAccessWrapper (defined in core) with
\Wikimedia\TestingAccessWrapper (defined in the composer package
wikimedia/testing-access-wrapper).
See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper
for downstream patches.
The core version of the class is kept around for a while to avoid
circular dependency problems.
Bug: T163434
Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
Test case for Opus file check so we don't regress!
Confirms the fix for T151352 that Opus files return
type 'audio' and not 'multimedia'.
Bug: T151352
Change-Id: Ib868793d90b60609ccec25726e6fbaa28bffebaf
Existing srgb.jpg & tinyrgb.jpg have been replaced to be able to
easily compare a "fixed" missingprofile.jpg to tinyrgb.jpg.
With the existing files, when the tinyrgb profile was added to
missingprofile.jpg, it would end up basically the same as tinyrgb.jpg,
except that not all the exif data would be in the exact same order.
I've rebuilt srgb.jpg & tinyrgb.jpg by first removing their profile
(which is what missingprofile.jpg is), and then copying it over again:
    exiftool -tagsfromfile srgb.jpg -ICC_Profile new_srgb.jpg
Meanwhile also moved the profile-swapping code to JpegHandler, as it
was jpeg-specific.
Bug: T134498
Change-Id: I722dd6f66f6007182ad9a215e5eb382776983c05
Inkscape mangles namespace definitions created by Adobe Illustrator
(apparently it can't parse custom entities or something, maybe just
in 'xmlns' attributes). These files are still valid SVG, and not
a security issue (although Illustrator probably won't like them),
so it's okay to allow them.
Added tests with some example files.
* buggynamespace-original.svg
  File generated by Illustrator (edited by hand to reduce filesize).
  Based on <https://commons.wikimedia.org/w/?curid=16495597>.
* buggynamespace-okay.svg
  The original file, opened and saved in Inkscape (no other changes).
* buggynamespace-okay2.svg
  The original file, opened and saved in Inkscape twice.
* buggynamespace-bad.svg
  The original file, edited by hand to remove custom entities.
  This is not valid XML and should be rejected (although it's valid
  when parsed as HTML, and some image viewers might display it).
* buggynamespace-evilhtml.svg
  An SVG file using an entity declared namespace for a namespace
  we want to ban. Based on buggynamespace-original.svg.
Bug: T144827
Change-Id: I0eb9766cab86a58d729f10033c64f57d2076d917
We read files and concatenate their contents. Files may start with a BOM character.
BOM characters are only allowed at the beginning of a file, not halfway.
Stripping it should be safe, since we already assume that everything is UTF-8.
Change-Id: I14ad698a684e78976e873e9ae2c367475550a063