Page MenuHomePhabricator
Files F1426963

T108616_00.patch
dpatrick (Darian Anthony Patrick)
Actions

Authored By
dpatrick
Aug 12 2015, 10:58 PM
Size
929 B
Referenced Files
None
Subscribers
None

T108616_00.patch
View Options

From dace479c827f5dc907a846c35b493156628ad493 Mon Sep 17 00:00:00 2001
From: Darian Anthony Patrick <dpatrick@wikimedia.org>
Date: Wed, 12 Aug 2015 12:47:36 -0700
Subject: [PATCH] Avoid exposure of local path in PNG thumbnails
Bug: T108616
Change-Id: I952068d2d175d71f86dec0dbb92af5a122c05a49
---
includes/media/Bitmap.php | 2 ++
1 file changed, 2 insertions(+)
diff --git a/includes/media/Bitmap.php b/includes/media/Bitmap.php
index 4be20b2..1d7ef2d 100644
--- a/includes/media/Bitmap.php
+++ b/includes/media/Bitmap.php
@@ -162,6 +162,8 @@ class BitmapHandler extends TransformationalImageHandler {
( $params['comment'] !== ''
? array( '-set', 'comment', $this->escapeMagickProperty( $params['comment'] ) )
: array() ),
+ // T108616: Avoid exposure of local file path
+ array( '+set', 'Thumb::URI'),
array( '-depth', 8 ),
$sharpen,
array( '-rotate', "-$rotation" ),
--
2.3.2 (Apple Git-55)

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1462019
Default Alt Text
T108616_00.patch (929 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits