JPEG files can have trailing \0 chars at the end of the XMP value. Use
trim() to remove these from the string value.
Bug: T118799
Change-Id: Id4ab223ef432e5d2c0dd3b4e332320db02422700
unpack() actually returns an array with indexes starting from 1, not
zero, so unpack(...)[0] gives a notice and always returns null. It is
lucky that ZIPs normally have zero-length comments, so this would have
had little impact on file type detection aside from log spam.
Also, add a check to make sure the unpack() will not read beyond
the end of the file. Without this, unpack() could generate a warning.
The bug was introduced by me in f12db38048.
Add tests. The test files were generated by appending an EOCDR signature
and some extra bytes to 1bit-png.png.
Bug: T223728
Change-Id: I6fab63102d1d8eea92cdcce5ab6d1eb747a0a890
This change follows I39cc2a735d9625c87bf4ede6f5fb0ec441d47dcc.
docs/extension.schema.v1.json
docs/extension.schema.v2.json
includes/registration/ExtensionProcessor.php
* The new extension attribute 'OOUIThemePaths' can be used to define
custom OOUI themes. See I9187a63e509b601b8558ea82850fa828e5c8cc0a
for an example usage.
includes/resourceloader/ResourceLoaderOOUIModule.php
* Add support for 'OOUIThemePaths'.
* Defining 'images' is now optional. I figure custom themes are
unlikely to have or need them.
* Use ResourceLoaderFilePath objects to allow skin-/extension-defined
OOUI module files to use skin/extension's base paths.
This was previously used to support $wgResourceModuleSkinStyles,
but only for 'skinStyles' - now ResourceLoaderFileModule needs
to also handle it for 'skinScripts', and ResourceLoaderImageModule
for 'images').
includes/resourceloader/ResourceLoaderFilePath.php
* Add getters for local/remote base paths, for when we need to
construct a new ResourceLoaderFilePath based on existing one.
includes/resourceloader/ResourceLoaderFileModule.php
includes/resourceloader/ResourceLoaderImageModule.php
includes/resourceloader/ResourceLoaderOOUIImageModule.php
* Add or improve handling of ResourceLoaderFilePaths:
* Replace `(array)` casts with explicit array wrapping, to avoid
casting objects into associative arrays.
* Use getLocalPath() instead of string concatenation.
tests/phpunit/includes/resourceloader/ResourceLoaderFileModuleTest.php
tests/phpunit/includes/resourceloader/ResourceLoaderImageModuleTest.php
* Some basic checks for the above.
Bug: T100896
Change-Id: I74362f0fc215b26f1f104ce7bdbbac1e106736ad
Allows uploaded files to include some HTML tag strings that were
previously forbidden in the first 1k or so of the file:
* <a href
* <img
* <pre
* <table
* <title
They are now allowed as long as the IE MIME type detection heuristic
would not change their types. This should reduce the number of false
positive checks in JPEGs with EXIF data with links.
Also deprecates $wgAllowTitlesInSVG and allows it by default.
This should still protect against malformed PNG attacks on old IE
versions, though false positive checks are conceivable on PNG files
containing comments very close to the beginning of the file.
Adds $wgVerifyMimeTypeIE config var to allow disabling the IE checks
entirely, if desired, but leaves it in place by default. These are
more conservative than the checks that were removed.
Added test cases for the old IE5/6 bug and the particular sort of
JPEG metadata that struck false positives previously.
Bug: T27707
Change-Id: I66642a74fce1a1894cad67d62b0da61020db469a
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
We currently show SVGs in default languages unless overridden with
lang=... URL parameter (and we have UI for setting it). This change
makes it display thumbnails in wiki language, if translation is available.
Bug: T210814
Change-Id: Ieb0b5e9e27f45b71ef119bb3c1d3f2cd4d7100e5
* Introduce MSCompoundFileReader, which reads the CFB directory and
detects the file type from well-known names in the root directory
* Do not detect a ZIP file if the EOCDR is not at the end. Other
containers, especially CFB files, may contain ZIP files embedded
within them in the last 64KB, but this is not a security concern
unless the EOCDR is exactly at the end of the file.
Bug: T40432
Change-Id: Id5b1a258ccf3c3c8951e32f6b7a5b1bafe941082
We were creating the `<g>` element without specifying a namespace,
which caused the library to add `xmlns` attributes with the document's
default SVG namespace to elements that we appended underneath it.
(At least, that's what I think was happening.)
Specify the SVG namespace when creating it to avoid the mess and
reduce resulting file size.
Change-Id: Ida27494aeae9dece16f878c16cf9aa582e6deac3
While it shouldn't be causing any rendering problems,
doing so is semantically incorrect.
Bug: T213507
Change-Id: Ic86cd2bf3028eb24ad60db7ffa9498dd86edd4a5
This allows variables defined in an outer context to be used in inner
contexts. For example:
<h2>{{foo}}</h2>
<ul>
{{#things}}
<!-- bar is a property of each thing, foo is an outer variable -->
<li>{{foo}} is a {{bar}}</li>
{{/things}}
</ul>
Bug: T203209
Change-Id: Ib0ae0fb0b4be6b161f548c79db6fb6f4b831f7c1
As it's quite common that extensions and skins interact with each other, it's
useful to have a simple way to check if an extension version satisfies a
given constraint, as extensions change over time.
Bug: T202955
Change-Id: I19f9713caf89d647072a2bd7d598e739be383f4a
Previously, we handled categorization changes using wrong assumptions
- that rc_cur_id refers to the parent category. Instead, it refers to
the child page.
Change-Id: I40e886c3548ccca57db7ab83f14ec4dcd804cf2f
Bug: T201216
Bug https://github.com/blazegraph/database/issues/100 happens on DELETE/INSERT
but not on separate delete and insert, try to work around it
Change-Id: Iba6a98dde6f4bea9051cd6dee91fb19db5eca10e
Bug: T201217
The viewBox attribute of the <svg> element allows both whitespace and
commas to be used as field separators.
https://www.w3.org/TR/SVG/coords.html#ViewBoxAttribute
Bug: T194192
Change-Id: Iae9be3e4fad3a8ffa411d7a76eee2f20cc39b718
The JSON specification permits duplicate keys, but doing so is almost
always nearly a mistake.
We can use the JSON lint library (added as
dev-requirement to composer), which is now also used to decode the
JSON (as it's the same step as validating the JSON).
Bug: T153507
Change-Id: Ia713a1906169333c1aa2aebdc0ed060d26428d72
readFromQueue() injects the content of AutoloadClasses to
$wgAutoloadClasses however it missed doing the same for
AutoloadNamespaces.
When using the installer with an extension having AutoloadNamespaces
set, its classes would not be found.
Make ExtensionRegistry append to AutoLoader::$psr4Namespaces, and add
a test to cover the new behavior.
Bug: T195783
Change-Id: Id61155867a4ca7d9bc4a347f8671da74b0fa490b
If the "url" field in extension.json is pointing to mediawiki.org,
perform some extra validation steps:
* Require HTTPS
* Require the `www.mediawiki.org` canonical domain
Change-Id: I3371443d3f6c76f53437adf90a700969bba7d0e7
This was previously covered implicitly by an unrelated test.
Change that test (dependency.less) to use ../ to access the file
directly so that that test case is only about tracking dependencies
and testing the parser.
Then, add a second case that tests the use of import dirs.
Bug: T140807
Change-Id: Ie85abffe313922c03b3e146422f36b1d6a79743d
This script creates SPARQL UPDATE statements for changes in a given time
period. These statements can be applied to an existing database to
update it.
See tests for examples of how the statements look like.
Bug: T173774
Change-Id: I9867ad566c0619b55a48a011bd3c55321b1bfcff
SPDX released version 3 of their license list (<https://spdx.org/licenses/>),
which changed the FSF licenses to explicitly end in -only or -or-later
instead of relying on an easy to miss + symbol.
Bug: T183858
Change-Id: I4cbb98ea2bbacf46a57401dbba2bdb076fca1d3a
One of the skip-over loops was missing an feof() check and could
cause infinite loops.
Includes test file created by truncating a tiny tiny .jpeg at
the right place...
With the fix, it doesn't loop but dies on an exception, which
is good!
Bug: T184048
Change-Id: Ica13d6b68c3c12f7ce414edd081bf0886714e465
Removing unnecessary XML declaration prolog when embedding SVGs
as data URI and adding more complex elements & attributes to test.
Bug: T175318
Change-Id: Ibec8c2ab498554a6ad33b4420ae6258dcc80fcdf
Recursive partials are the only way to handle tree-like structures
such as nested lists. Allow setting FLAG_RUNTIMEPARTIAL in LightnCandy
so they can be used.
Since this has a slight performance impact (makes partial invocations
evaluation-time functions calls instead of compilation-time transclusions)
make it optional.
Change-Id: Ie37105a9f1ff92e1a79bfcd9f8578965e3d347f0
Using names that match real OOjs UI icons is confusing when trying to
find usages of the real icons and when debugging the tests.
Bug: T166730
Change-Id: Ibb97c0347476efc95f1a50c97822d7dab19737f2
