wiki.techinc.nl/tests/phpunit/includes
Brian Wolff bc31c5bd57 SECURITY: Whitelist DTD declaration in SVG
Only allow ENTITY declarations inside the doctype internal
subset. Do not allow parameter entities, recursive entity
references, entity values longer than 255 bytes, or
external entity references. Filter external doctype subset
to only allow the standard svg doctypes.

Recursive entities that are simple aliases are allowed
because people appear to use them on commons. Declaring
xmlns:xlink to have a #FIXED value to the xlink namespace
is allowed because GraphViz apparently does that, so it's
somewhat common.

This prevents someone bypassing the filter by using default
attribute values in internal DTD subset. No browser loads
the external DTD subset that I could find, but whitelist
just to be safe anyways.

Issue reported by Cassiogomes11.

Bug: T151735
Change-Id: I7cb4690f759ad97e70e06e560978b6207d84c446
2017-04-06 13:43:04 -07:00
actions Revert "Make an empty "?action=" parameter default to "view"" 2016-05-18 18:54:50 +00:00
api Fix ApiMainTest::testApiErrorFormatterCreation 2017-04-03 09:44:13 -04:00
auth Don't create user in AuthManagerTest dataProvider 2017-03-18 15:45:04 -04:00
cache tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
changes changes: Remove assertTag from RCCacheEntryFactoryTest 2017-03-31 17:20:25 -07:00
composer
config Get ConfigFactory & MainConfig from MediaWikiServices 2016-11-23 00:12:38 +00:00
content Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
context Fix numerous class/function casing 2016-03-18 23:14:49 +00:00
db Move IDatabase/IMaintainableDatabase to Rdbms namespace 2017-03-28 15:32:38 -07:00
debug Rewrite logstash key conflict warning from I6677dbf6 2016-11-29 11:14:08 +00:00
deferred Add accessor to DeferredUpdates 2017-03-03 13:32:05 +00:00
diff
exception Remove empty lines at end of functions 2016-11-05 11:55:10 +01:00
externalstore
filebackend Fix @covers for FileBackend 2017-02-27 19:12:22 +11:00
filerepo Remove left-over references from comments to removed FSRepo class 2017-01-07 16:00:07 +00:00
GlobalFunctions Add missing @group Database tags in tests 2017-03-18 19:13:18 -04:00
htmlform Merge "HTMLForm: Allow returning Message objects from HTMLFormField::validate()" 2016-11-25 09:11:07 +00:00
http HttpFunctions: Increase code coverage 2017-03-29 00:27:57 +00:00
import Get ConfigFactory & MainConfig from MediaWikiServices 2016-11-23 00:12:38 +00:00
installer DatabaseUpdater: Stop inserting junk into 'updatelog' every time the updater runs 2016-11-30 20:13:30 +00:00
interwiki Removed deprecated usages of Interwiki methods in core 2017-01-10 12:19:31 +02:00
jobqueue Merge "CatWatch don't show the number of pages transcluded" 2016-04-14 14:10:12 +00:00
json Remove spaces after cast operators 2016-10-31 13:57:39 +00:00
libs Merge "Add class for service discovery using DNS SRV records" 2017-04-04 22:26:39 +00:00
linker Remove empty lines at end of functions 2016-11-05 11:55:10 +01:00
logging tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
mail
media tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
objectcache objectcache: Never use CACHE_NONE for CACHE_ANYTHING 2017-03-30 01:38:15 +00:00
page tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
pager Remove trailing empty lines in PHP 2017-01-16 22:06:43 +01:00
parser Fix @covers for (non-integration) parser tests 2017-02-27 15:47:56 +11:00
password Add missing @group Database tags in tests 2017-03-18 19:13:18 -04:00
poolcounter Include type in hashKeyIntoSlots() 2016-05-09 16:54:51 -07:00
rcfeed Add missing @group Database tags in tests 2017-03-18 19:13:18 -04:00
registration registration: Always specify version number in extension.schema.json file 2016-12-16 11:47:15 -08:00
resourceloader resourceloader: Improve code coverage 2017-04-05 18:19:48 -07:00
search Don't use $this as a function argument 2017-03-13 11:12:50 -07:00
Services Allow resources to be salvaged across service resets. 2016-05-19 12:38:07 +02:00
session Demote "Unverified user provided and no metadata to auth it" log message to info 2017-02-17 01:00:39 +00:00
site Add more specific Site[] type hints to SiteStore classes 2017-01-11 16:39:13 +00:00
skins phpunit: Fix OutputPage::__construct warning in SkinTemplateTest 2017-02-08 18:19:43 +00:00
specialpage RCFilters: Remove isAllowedCallable and isAllowed 2017-03-31 01:49:44 -04:00
specials Avoid database connection in SpecialSearchTest data provider 2017-03-18 15:43:16 -04:00
tidy Merge "RemexHtml tidy driver with p-wrapping" 2017-03-08 15:24:36 +00:00
title Avoid database access in ImportTitleFactory tests dataProviders 2017-03-18 19:12:52 -04:00
upload SECURITY: Whitelist DTD declaration in SVG 2017-04-06 13:43:04 -07:00
user RCFilters UI: Highlight behavior 2017-02-23 10:58:56 -08:00
utils Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
BlockTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
CollationTest.php
DiffHistoryBlobTest.php
EditPageTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
ExportTest.php DumpStringOutput: Rename getOutput() to __toString() 2016-07-14 06:28:16 -04:00
ExtraParserTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
FauxRequestTest.php FauxRequest: Complete code coverage for FauxRequestTest 2017-04-01 01:25:02 +00:00
FauxResponseTest.php Fix numerous class/function casing 2016-03-18 23:14:49 +00:00
FormOptionsInitializationTest.php Remove "Generated by PHPUnit" comments in 3 files 2016-12-13 03:20:04 +00:00
FormOptionsTest.php Remove "Generated by PHPUnit" comments in 3 files 2016-12-13 03:20:04 +00:00
GitInfoTest.php Remove empty lines at end of functions 2016-11-05 11:55:10 +01:00
HooksTest.php
HtmlTest.php Html: Add a few @covers for HtmlTest 2017-03-31 18:13:24 -07:00
LicensesTest.php
LinkerTest.php bidi-isolate usernames in Linker::userLink 2016-08-31 17:44:06 -07:00
LinkFilterTest.php Move LikeMatch to Rdbms namespace 2017-02-06 21:20:39 -08:00
MediaWikiServicesTest.php Move LBFactory to Rdbms namespace 2017-02-03 17:24:03 -08:00
MediaWikiTest.php Revert "MediaWiki.php: Redirect non-standard title urls to canonical" 2016-09-09 21:45:27 +00:00
MediaWikiVersionFetcherTest.php
MergeHistoryTest.php Whenever possible, reuse User objects in unit tests 2016-05-26 20:42:31 +00:00
MessageTest.php SECURITY: Disable <html> tag on system messages despite $wgRawHtml = true; 2017-03-28 21:51:44 +00:00
MovePageTest.php
MWNamespaceTest.php Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
MWTimestampTest.php Split out ConvertableTimestamp class 2016-09-16 03:00:09 +00:00
OutputPageTest.php Add missing @group Database tags in tests 2017-03-18 19:13:18 -04:00
PagePropsTest.php Remove empty lines at end of functions 2016-11-05 11:55:10 +01:00
PathRouterTest.php Swap the rest of array() -> [] 2016-03-30 22:04:58 +00:00
PreferencesTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
PrefixSearchTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
RevisionStorageTest.php Revision::getText() was removed 2017-01-19 01:57:38 +00:00
RevisionStorageTestContentHandlerUseDB.php
RevisionTest.php Revision::getText() was removed 2017-01-19 01:57:38 +00:00
SampleTest.php Update weblinks in comments from HTTP to HTTPS 2016-11-07 15:24:46 +01:00
SanitizerTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
SanitizerValidateEmailTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
SiteConfigurationTest.php
StatusTest.php tests: Fix invalid @covers value in StatusTest.php 2016-09-22 18:29:28 +01:00
TemplateCategoriesTest.php Remove empty lines at end of functions 2016-11-05 11:55:10 +01:00
TemplateParserTest.php Better path traversal prevention in TemplateParser. 2017-03-14 18:43:11 +00:00
TestingAccessWrapper.php
TestingAccessWrapperTest.php
TestLogger.php Add TestLogger::setCollectContext and fluent interface 2017-02-01 01:45:28 +01:00
TestUser.php Make deprecated TestUser properties private 2016-06-22 15:43:54 +00:00
TestUserRegistry.php Whenever possible, reuse User objects in unit tests 2016-05-26 20:42:31 +00:00
TimeAdjustTest.php
TitleArrayFromResultTest.php
TitleMethodsTest.php
TitlePermissionTest.php Add the concept of "system blocks" 2016-12-16 12:30:03 -05:00
TitleTest.php tests: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 02:14:34 +00:00
WatchedItemIntegrationTest.php Merge "Remove missed WatchedItem::resetNotificationTimestamp in test" 2016-07-28 10:22:59 +00:00
WatchedItemQueryServiceUnitTest.php API: i18n for warnings and errors 2016-12-06 10:20:48 -05:00
WatchedItemStoreIntegrationTest.php add setNotificationTimestampsForUser to WatchedItemStore 2016-05-18 08:50:46 +00:00
WatchedItemStoreUnitTest.php WatchedItemStore::setNotificationTimestampsForUser(): Allow clearing timestamp 2016-12-16 14:31:24 -05:00
WatchedItemUnitTest.php Remove unused deprecated WatchedItem methods 2016-07-26 10:52:31 +00:00
WebRequestTest.php Move IP::isConfigured/TrustedProxy() to ProxyLookup service 2016-09-21 20:02:09 -07:00
WikiMapTest.php Improve WikiMap::getWikiReferenceFromWgConf() 2016-07-06 14:20:07 -04:00
WikiReferenceTest.php
XmlJsTest.php
XmlSelectTest.php Update weblinks in comments from HTTP to HTTPS 2016-10-11 17:25:10 +00:00
XmlTest.php Xml: Add test for listDropDown and remove unused getArrayFromWikiTextList 2017-03-20 22:47:19 +00:00