Commit graph

14 commits

Author SHA1 Message Date
Reedy
83fb19cb13 Swap the rest of array() -> []
Change-Id: I76a7259ed952a0673a1941f08b39b545211fba07
2016-03-30 22:04:58 +00:00
Kunal Mehta
6e9b4f0e9c Convert all array() syntax to []
Per wikitech-l consensus:
 https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html

Notes:
* Disabled CallTimePassByReference due to false positives (T127163)

Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 01:33:00 -08:00
umherirrender
54c1e18eec Remove various double empty newlines
The double empty newline is not needed between functions, variable or at
end of file

Change-Id: Ib866a95084c4601ac150a2b402cfa184ebc18afa
2015-12-27 18:55:12 +00:00
Amir E. Aharoni
bfdd3369c2 Fix Generic.Files.LineLength phpcs check in files under phpunit/includes
Bug: T102614
Change-Id: Iee3df5f064f595ecebe8210cc936bc3d20a122c9
2015-10-03 17:13:29 +00:00
csteipp
b7ee3aca38 SECURITY: Always expand xml entities when checking SVG's
XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.

Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
2015-04-01 09:56:20 -07:00
csteipp
b5f491fb6d SECURITY: Fix animate blacklist
The blacklist should prevent animating any element's xlink:href to a
javascript url.

Bug: T86711
Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
2015-04-01 09:55:22 -07:00
csteipp
bf5f708dc5 SECURITY: Don't allow embedded application/xml in SVG's
Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.

Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
2015-04-01 09:54:59 -07:00
Tyler Romeo
b813539d6d SECURITY: Make SVG @import checking case insensitive
@import in embedded CSS is case-insensitive, meaning
an attacker can put "@iMpOrT" and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
2015-04-01 09:54:44 -07:00
Timo Tijhof
48d715148b Use MediaWikiTestCase methods for tempdir in unit tests
* Use MediaWikiTestCase::getNewTempFile and getNewTempDirectory
  instead of wfTempDir().

  The upload api tests wrote a tempnam() file directly (where
  wfTempDir() is typically shared with other systems and concurrent
  runs). Use MediaWikiTestCase::getNewTempFile and
  getNewTempDirectory instead.

  This also ensures its removal by the teardown handler without
  needing manual unlink() calls. And it doesn't rely on the test
  passing. (Many unlink calls were at the bottom of tests,
  which wouldn't be reached in case of failure).

* For the upload test, the persistent storing of
  'Oberaargletscher_from_Oberaar.jpg' (downloaded from Commons)
  was removed. Note that this didn't work for Jenkins builds anyway
  as Jenkins builds set $wgTmpDirectory to a unique directory
  in tmpfs associated with an individual build.

* For filebackend tests, moved directory creation from the dataProvider
  to the main test.

  Implemented addTmpFiles() to allow subclasses to register
  additional files (created by other means) to be cleaned up also.

  Removed unused $tmpName and $toPath parameters in data
  provider for FileBackendTest::testStore. And fixed weird double
  $op2 variable name to be called $op3.

* Skipped parserTest.inc, MockFileBackend.php, and
  UploadFromUrlTestSuite.php as those don't use MediaWikiTestCase.

Change-Id: Ic7feb06ef0c1006eb99485470a1a59419f972545
2015-02-11 03:49:02 +00:00
Timo Tijhof
dabd389220 UploadBaseTest: Use setMwGlobals() instead of juggling globals
Abstracts the logic for restoration into the built-in teardown()
handler.

Also purify the test configuration by setting wgHooks and
wgFileExtensions to otherwise empty arrays instead of extending
existing ones.

Change-Id: Ied65ee62f658dd650c603a54e72cd19965867a8f
2014-10-07 05:13:32 +02:00
csteipp
6aa3befeb0 SECURITY: Enhance CSS filtering in SVG files
* Filter <style> elements
* Normalize style elements and attributes before filtering
* Add checks for attributes that contain css
* Add unit tests for html5sec and reported bugs

Bug:69008
Change-Id: I732eece710f1bfaaeea1e5de541fcd4cfb375de7
2014-09-24 21:06:54 +02:00
umherirrender
5dbfd5bf80 Fixed spacing
- Removed trailing spaces in comments
- Removed multiple empty lines
- Removed space after object operator

Change-Id: I9fd3256ab490c7cd2034de3fd94e6be6e6d6d8f2
2013-11-21 18:52:25 +00:00
addshore
4e941cf4ca Add @covers tags for more tests
Change-Id: Iff3af78e9b41c445b7f066b6c0d0f4a87d2d6c4e
2013-10-21 11:28:39 +02:00
David E. Narváez
0555fa9f0b Renaming files to follow name conventions
And renamed the inner class name.

Change-Id: I2ed94a61214439d5c70d04bd1dbddd68754b595e
2013-05-29 16:47:04 +02:00
Renamed from tests/phpunit/includes/upload/UploadTest.php