b7ee3aca38
XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml entities unexpanded, which can lead to false-negatives when the callback was used for filtering. Update XmlTypeCheck to use XMLReader instead, tell the library to fully expand entities, and rely on the library to error out if it encounters XML that is likely to cause a DoS if parsed. Bug: T88310 Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
422 lines
19 KiB
PHP
422 lines
19 KiB
PHP
<?php
|
|
|
|
/**
|
|
* @group Upload
|
|
*/
|
|
class UploadBaseTest extends MediaWikiTestCase {
|
|
|
|
/** @var UploadTestHandler */
|
|
protected $upload;
|
|
|
|
protected function setUp() {
|
|
parent::setUp();
|
|
|
|
$this->upload = new UploadTestHandler;
|
|
|
|
$this->setMwGlobals( 'wgHooks', array(
|
|
'InterwikiLoadPrefix' => array(
|
|
function ( $prefix, &$data ) {
|
|
return false;
|
|
}
|
|
),
|
|
) );
|
|
}
|
|
|
|
/**
|
|
* First checks the return code
|
|
* of UploadBase::getTitle() and then the actual returned title
|
|
*
|
|
* @dataProvider provideTestTitleValidation
|
|
* @covers UploadBase::getTitle
|
|
*/
|
|
public function testTitleValidation( $srcFilename, $dstFilename, $code, $msg ) {
|
|
/* Check the result code */
|
|
$this->assertEquals( $code,
|
|
$this->upload->testTitleValidation( $srcFilename ),
|
|
"$msg code" );
|
|
|
|
/* If we expect a valid title, check the title itself. */
|
|
if ( $code == UploadBase::OK ) {
|
|
$this->assertEquals( $dstFilename,
|
|
$this->upload->getTitle()->getText(),
|
|
"$msg text" );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test various forms of valid and invalid titles that can be supplied.
|
|
*/
|
|
public static function provideTestTitleValidation() {
|
|
return array(
|
|
/* Test a valid title */
|
|
array( 'ValidTitle.jpg', 'ValidTitle.jpg', UploadBase::OK,
|
|
'upload valid title' ),
|
|
/* A title with a slash */
|
|
array( 'A/B.jpg', 'B.jpg', UploadBase::OK,
|
|
'upload title with slash' ),
|
|
/* A title with illegal char */
|
|
array( 'A:B.jpg', 'A-B.jpg', UploadBase::OK,
|
|
'upload title with colon' ),
|
|
/* Stripping leading File: prefix */
|
|
array( 'File:C.jpg', 'C.jpg', UploadBase::OK,
|
|
'upload title with File prefix' ),
|
|
/* Test illegal suggested title (r94601) */
|
|
array( '%281%29.JPG', null, UploadBase::ILLEGAL_FILENAME,
|
|
'illegal title for upload' ),
|
|
/* A title without extension */
|
|
array( 'A', null, UploadBase::FILETYPE_MISSING,
|
|
'upload title without extension' ),
|
|
/* A title with no basename */
|
|
array( '.jpg', null, UploadBase::MIN_LENGTH_PARTNAME,
|
|
'upload title without basename' ),
|
|
/* A title that is longer than 255 bytes */
|
|
array( str_repeat( 'a', 255 ) . '.jpg', null, UploadBase::FILENAME_TOO_LONG,
|
|
'upload title longer than 255 bytes' ),
|
|
/* A title that is longer than 240 bytes */
|
|
array( str_repeat( 'a', 240 ) . '.jpg', null, UploadBase::FILENAME_TOO_LONG,
|
|
'upload title longer than 240 bytes' ),
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Test the upload verification functions
|
|
* @covers UploadBase::verifyUpload
|
|
*/
|
|
public function testVerifyUpload() {
|
|
/* Setup with zero file size */
|
|
$this->upload->initializePathInfo( '', '', 0 );
|
|
$result = $this->upload->verifyUpload();
|
|
$this->assertEquals( UploadBase::EMPTY_FILE,
|
|
$result['status'],
|
|
'upload empty file' );
|
|
}
|
|
|
|
// Helper used to create an empty file of size $size.
|
|
private function createFileOfSize( $size ) {
|
|
$filename = $this->getNewTempFile();
|
|
|
|
$fh = fopen( $filename, 'w' );
|
|
ftruncate( $fh, $size );
|
|
fclose( $fh );
|
|
|
|
return $filename;
|
|
}
|
|
|
|
/**
|
|
* test uploading a 100 bytes file with $wgMaxUploadSize = 100
|
|
*
|
|
* This method should be abstracted so we can test different settings.
|
|
*/
|
|
public function testMaxUploadSize() {
|
|
$this->setMwGlobals( array(
|
|
'wgMaxUploadSize' => 100,
|
|
'wgFileExtensions' => array(
|
|
'txt',
|
|
),
|
|
) );
|
|
|
|
$filename = $this->createFileOfSize( 100 );
|
|
$this->upload->initializePathInfo( basename( $filename ) . '.txt', $filename, 100 );
|
|
$result = $this->upload->verifyUpload();
|
|
|
|
$this->assertEquals(
|
|
array( 'status' => UploadBase::OK ),
|
|
$result
|
|
);
|
|
}
|
|
|
|
|
|
/**
|
|
* @dataProvider provideCheckSvgScriptCallback
|
|
*/
|
|
public function testCheckSvgScriptCallback( $svg, $wellFormed, $filterMatch, $message ) {
|
|
list( $formed, $match ) = $this->upload->checkSvgString( $svg );
|
|
$this->assertSame( $wellFormed, $formed, $message );
|
|
$this->assertSame( $filterMatch, $match, $message );
|
|
}
|
|
|
|
public static function provideCheckSvgScriptCallback() {
|
|
return array(
|
|
// html5sec SVG vectors
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
|
|
true,
|
|
true,
|
|
'Script tag in svg (http://html5sec.org/#47)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>',
|
|
true,
|
|
true,
|
|
'SVG with onload property (http://html5sec.org/#11)'
|
|
),
|
|
array(
|
|
'<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>',
|
|
true,
|
|
true,
|
|
'SVG with onload property (http://html5sec.org/#65)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)"><rect width="1000" height="1000" fill="white"/></a> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with javascript xlink (http://html5sec.org/#87)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><use xlink:href="data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Opera image xlink (http://html5sec.org/#88 - c)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="javascript:alert(1)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Opera animation xlink (http://html5sec.org/#88 - a)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <animation xlink:href="data:text/xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Opera animation xlink (http://html5sec.org/#88 - b)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="data:image/svg+xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' onload=\'alert(1)\'%3E%3C/svg%3E"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Opera image xlink (http://html5sec.org/#88 - c)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <foreignObject xlink:href="javascript:alert(1)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Opera foreignObject xlink (http://html5sec.org/#88 - d)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <foreignObject xlink:href="data:text/xml,%3Cscript xmlns=\'http://www.w3.org/1999/xhtml\'%3Ealert(1)%3C/script%3E"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Opera foreignObject xlink (http://html5sec.org/#88 - e)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <set attributeName="onmouseover" to="alert(1)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with event handler set (http://html5sec.org/#89 - a)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <animate attributeName="onunload" to="alert(1)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with event handler animate (http://html5sec.org/#89 - a)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with element handler (http://html5sec.org/#94)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/> </feImage> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with href to data: url (http://html5sec.org/#95)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with Tiny handler (http://html5sec.org/#104)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with new CSS styles properties (http://html5sec.org/#109)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"><rect fill="white" width="1000" height="1000"/></a> <rect clip-path="url(test3.svg#a)" /> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with new CSS styles properties as attributes'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <a id="x"> <rect fill="white" width="1000" height="1000"/> </a> <rect fill="url(http://html5sec.org/test3.svg#a)" /> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with new CSS styles properties as attributes (2)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <path d="M0,0" style="marker-start:url(test4.svg#a)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with path marker-start (http://html5sec.org/#110)'
|
|
),
|
|
array(
|
|
'<?xml version="1.0"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED>]> <svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with embedded stylesheet (http://html5sec.org/#125)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">alert(1)</handler> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with handler attribute (http://html5sec.org/#127)'
|
|
),
|
|
array(
|
|
// Haven't found a browser that accepts this particular example, but we
|
|
// don't want to allow embeded svgs, ever
|
|
'<svg> <image style=\'filter:url("data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ/YWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg==")\' /> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with image filter via style (http://html5sec.org/#129)'
|
|
),
|
|
array(
|
|
// This doesn't seem possible without embedding the svg, but just in case
|
|
'<svg> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"> <circle r="400"></circle> <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="" /> </a></svg>',
|
|
true,
|
|
true,
|
|
'SVG with animate from (http://html5sec.org/#137)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <a><text y="1em">Click me</text> <animate attributeName="xlink:href" values="javascript:alert(\'Bang!\')" begin="0s" dur="0.1s" fill="freeze" /> </a></svg>',
|
|
true,
|
|
true,
|
|
'SVG with animate xlink:href (http://html5sec.org/#137)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:y="http://www.w3.org/1999/xlink"> <a y:href="#"> <text y="1em">Click me</text> <animate attributeName="y:href" values="javascript:alert(\'Bang!\')" begin="0s" dur="0.1s" fill="freeze" /> </a> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with animate y:href (http://html5sec.org/#137)'
|
|
),
|
|
|
|
// Other hostile SVG's
|
|
array(
|
|
'<?xml version="1.0" encoding="UTF-8" standalone="no"?> <svg xmlns:xlink="http://www.w3.org/1999/xlink"> <image xlink:href="https://upload.wikimedia.org/wikipedia/commons/3/34/Bahnstrecke_Zeitz-Camburg_1930.png" /> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with non-local image href (bug 65839)'
|
|
),
|
|
array(
|
|
'<?xml version="1.0" ?> <?xml-stylesheet type="text/xsl" href="/w/index.php?title=User:Jeeves/test.xsl&action=raw&format=xml" ?> <svg> <height>50</height> <width>100</width> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with remote stylesheet (bug 57550)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" viewbox="-1 -1 15 15"> <rect y="0" height="13" width="12" stroke="#179" rx="1" fill="#2ac"/> <text x="1.5" y="11" font-family="courier" stroke="white" font-size="16"><![CDATA[B]]></text> <iframe xmlns="http://www.w3.org/1999/xhtml" srcdoc="<script>alert('XSSED => Domain('+top.document.domain+')');</script>"></iframe> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with rembeded iframe (bug 60771)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@import url("https://fonts.googleapis.com/css?family=Bitter:700&text=WebPlatform.org");</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with @import in style element (bug 69008)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@import url("https://fonts.googleapis.com/css?family=Bitter:700&text=WebPlatform.org");<foo/></style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with @import in style element and child element (bug 69008#c11)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" viewBox="6 3 177 153" xmlns:xlink="http://www.w3.org/1999/xlink"> <style>@imporT "https://fonts.googleapis.com/css?family=Bitter:700&text=WebPlatform.org";</style> <g transform="translate(-.5,-.5)"> <text fill="#474747" x="95" y="150" text-anchor="middle" font-family="Bitter" font-size="20" font-weight="bold">WebPlatform.org</text> </g> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with case-insensitive @import in style element (bug T85349)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:url(https://www.google.com/images/srpr/logo11w.png)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with remote background image (bug 69008)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:\55rl(https://www.google.com/images/srpr/logo11w.png)"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with remote background image, encoded (bug 69008)'
|
|
),
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <style> #a { background-image:\55rl(\'https://www.google.com/images/srpr/logo11w.png\'); } </style> <rect width="100" height="100" id="a"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with remote background image, in style element (bug 69008)'
|
|
),
|
|
array(
|
|
// This currently doesn't seem to work in any browsers, but in case
|
|
// http://www.w3.org/TR/css3-images/ is implemented for SVG files
|
|
'<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:image(\'sprites.svg#xywh=40,0,20,20\')"/> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with remote background image using image() (bug 69008)'
|
|
),
|
|
array(
|
|
// As reported by Cure53
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <a xlink:href="data:text/html;charset=utf-8;base64, PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D"> <circle r="400" fill="red"></circle> </a> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with data:text/html link target (firefox only)'
|
|
),
|
|
array(
|
|
'<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!ENTITY lol "lol"> <!ENTITY lol2 "<script>alert('XSSED => '+document.domain);</script>"> ]> <svg xmlns="http://www.w3.org/2000/svg" width="68" height="68" viewBox="-34 -34 68 68" version="1.1"> <circle cx="0" cy="0" r="24" fill="#c8c8c8"/> <text x="0" y="0" fill="black">&lol2;</text> </svg>',
|
|
true,
|
|
true,
|
|
'SVG with encoded script tag in internal entity (reported by Beyond Security)'
|
|
),
|
|
array(
|
|
'<?xml version="1.0"?> <!DOCTYPE svg [ <!ENTITY foo SYSTEM "file:///etc/passwd"> ]> <svg xmlns="http://www.w3.org/2000/svg" version="1.1"> <desc>&foo;</desc> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)" /> </svg>',
|
|
false,
|
|
false,
|
|
'SVG with external entity'
|
|
),
|
|
|
|
// Test good, but strange files that we want to allow
|
|
array(
|
|
'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <g> <a xlink:href="http://en.wikipedia.org/wiki/Main_Page"> <path transform="translate(0,496)" id="path6706" d="m 112.09375,107.6875 -5.0625,3.625 -4.3125,5.03125 -0.46875,0.5 -4.09375,3.34375 -9.125,5.28125 -8.625,-3.375 z" style="fill:#cccccc;fill-opacity:1;stroke:#6e6e6e;stroke-width:0.69999999;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;display:inline" /> </a> </g> </svg>',
|
|
true,
|
|
false,
|
|
'SVG with <a> link to a remote site'
|
|
),
|
|
array(
|
|
'<svg> <defs> <filter id="filter6226" x="-0.93243687" width="2.8648737" y="-0.24250539" height="1.4850108"> <feGaussianBlur stdDeviation="3.2344681" id="feGaussianBlur6228" /> </filter> <clipPath id="clipPath2436"> <path d="M 0,0 L 0,0 L 0,0 L 0,0 z" id="path2438" /> </clipPath> </defs> <g clip-path="url(#clipPath2436)" id="g2460"> <text id="text2466"> <tspan>12345</tspan> </text> </g> <path style="fill:#346733;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:round;stroke-linejoin:bevel;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;filter:url(\'#filter6226\');fill-opacity:1;opacity:0.79807692" d="M 236.82371,332.63732 C 236.92217,332.63732 z" id="path5618" /> </svg>',
|
|
true,
|
|
false,
|
|
'SVG with local urls, including filter: in style'
|
|
),
|
|
);
|
|
}
|
|
}
|
|
|
|
class UploadTestHandler extends UploadBase {
|
|
public function initializeFromRequest( &$request ) {
|
|
}
|
|
|
|
public function testTitleValidation( $name ) {
|
|
$this->mTitle = false;
|
|
$this->mDesiredDestName = $name;
|
|
$this->mTitleError = UploadBase::OK;
|
|
$this->getTitle();
|
|
|
|
return $this->mTitleError;
|
|
}
|
|
|
|
/**
|
|
* Almost the same as UploadBase::detectScriptInSvg, except it's
|
|
* public, works on an xml string instead of filename, and returns
|
|
* the result instead of interpreting them.
|
|
*/
|
|
public function checkSvgString( $svg ) {
|
|
$check = new XmlTypeCheck(
|
|
$svg,
|
|
array( $this, 'checkSvgScriptCallback' ),
|
|
false,
|
|
array( 'processing_instruction_handler' => 'UploadBase::checkSvgPICallback' )
|
|
);
|
|
return array( $check->wellFormed, $check->filterMatch );
|
|
}
|
|
}
|