
bug60339-pdfhandler-wmf10.patch

Authored By
bzimport
Nov 22 2014, 2:55 AM
Size
1 KB

bug60339-pdfhandler-wmf10.patch

From 95b93cbf64add255dee53275649e3f7abd9cb687 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Mon, 27 Jan 2014 13:01:06 -0800
Subject: [PATCH] SECURITY: Escape all shell arguments
Ensure all shell arguments are escaped individually.
Bug: 60339
---
PdfHandler_body.php | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/PdfHandler_body.php b/PdfHandler_body.php
index 8fa6719..d9ed488 100644
--- a/PdfHandler_body.php
+++ b/PdfHandler_body.php
@@ -167,13 +167,28 @@ class PdfHandler extends ImageHandler {
$srcPath = $image->getLocalRefPath();
- $cmd = '(' . wfEscapeShellArg( $wgPdfProcessor );
- $cmd .= " -sDEVICE=jpeg -sOutputFile=- -dFirstPage={$page} -dLastPage={$page}";
- $cmd .= " -r{$wgPdfHandlerDpi} -dBATCH -dNOPAUSE -q ". wfEscapeShellArg( $srcPath );
- $cmd .= " | " . wfEscapeShellArg( $wgPdfPostProcessor );
- $cmd .= " -depth 8 -resize {$width} - ";
- $cmd .= wfEscapeShellArg( $dstPath ) . ")";
- $cmd .= " 2>&1";
+ $cmd = '(' . wfEscapeShellArg(
+ $wgPdfProcessor,
+ "-sDEVICE=jpeg",
+ "-sOutputFile=-",
+ "-dFirstPage={$page}",
+ "-dLastPage={$page}",
+ "-r{$wgPdfHandlerDpi}",
+ "-dBATCH",
+ "-dNOPAUSE",
+ "-q",
+ $srcPath
+ );
+ $cmd .= " | " . wfEscapeShellArg(
+ $wgPdfPostProcessor,
+ "-depth",
+ "8",
+ "-resize",
+ $width,
+ "-",
+ $dstPath
+ );
+ $cmd .= ") 2>&1";
wfProfileIn( 'PdfHandler' );
wfDebug( __METHOD__ . ": $cmd\n" );
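Review bot: Passing `$page`, `$wgPdfHandlerDpi` and `$width` through `wfEscapeShellArg()` stops shell metacharacters, but the values still reach Ghostscript and the post-processor as option text, so a non-numeric value is interpreted by those tools rather than rejected. They are assigned outside this hunk, so this may already be enforced upstream; if it is not, coerce them before `$cmd` is built, e.g. `$page = intval( $page ); $width = intval( $width );`. The source PDF is presumably a user upload, so adding `"-dSAFER"` to the Ghostscript argument list is worth considering as defence in depth. The enclosing method starts and ends outside the hunk.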
--
1.8.4
