
0001-SECURITY-Move-badFile-lookup-to-Linker-REL1_38.patch

Authored By
Reedy
Jun 29 2023, 9:51 PM
Size
3 KB

0001-SECURITY-Move-badFile-lookup-to-Linker-REL1_38.patch

From d1156d7302acf9520b28f5931e299d8d10814314 Mon Sep 17 00:00:00 2001
From: Arlo Breault <abreault@wikimedia.org>
Date: Thu, 29 Jun 2023 17:03:15 -0400
Subject: [PATCH] SECURITY: Move badFile lookup to Linker
Bug: T335612
Change-Id: I849d02f1d3dc9995353b7a9995601d214053dca3
---
includes/Linker.php | 13 +++++++++++--
includes/parser/Parser.php | 34 ++++++++++++++++------------------
2 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/includes/Linker.php b/includes/Linker.php
index 83e4219094c..411d217b0ac 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -443,7 +443,10 @@ class Linker {
$thumb = false;
}
- if ( !$thumb ) {
+ $isBadFile = $file && $thumb && $parser &&
+ $parser->getBadFileLookup()->isBadFile( $title->getDBkey(), $parser->getTitle() );
+
+ if ( !$thumb || $isBadFile ) {
$rdfaType = 'mw:Error ' . $rdfaType;
$label = '';
if ( $enableLegacyMediaDOM ) {
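Review bot: The new `$isBadFile` expression fails open, because a falsy `$parser` short-circuits the lookup and the thumbnail renders as before; the hunk at -712 repeats the same guard. This commit also removes the only other check (in Parser.php), so any caller that reaches this code without a parser gets no bad-file enforcement. Whether such callers exist cannot be seen here, since the function signature is outside the hunk. Document the assumption above the assignment, e.g. `// Bad-file list is only enforced when a Parser is supplied; parser-less callers are not filtered`. A parser test that renders a listed file would also keep the check from silently regressing.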
@@ -712,6 +715,12 @@ class Linker {
. "<div class=\"thumbinner\" style=\"width:{$outerWidth}px;\">";
}
+ $isBadFile = $exists && $thumb && $parser &&
+ $parser->getBadFileLookup()->isBadFile(
+ $manualthumb ? $manual_title : $title->getDBkey(),
+ $parser->getTitle()
+ );
+
if ( !$exists ) {
$label = '';
if ( $enableLegacyMediaDOM ) {
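Review bot: The first argument to `isBadFile()` has two different shapes in this ternary: `$title->getDBkey()` is a DB-key string, while `$manual_title` is passed as-is and, judging by its name, is a title object rather than a key. If the lookup compares names as plain strings, the manualthumb case could miss a listed file, and that is the case this branch exists to cover. Confirm that `isBadFile()` normalizes both forms, or pass `$manual_title->getDBkey()` so both branches agree. `$manual_title` is assigned outside the hunk, so also confirm it cannot be null when `$thumb` is truthy.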
@@ -723,7 +732,7 @@ class Linker {
$title, $label, '', '', '', (bool)$time, $handlerParams
);
$zoomIcon = '';
- } elseif ( !$thumb ) {
+ } elseif ( !$thumb || $isBadFile ) {
if ( $enableLegacyMediaDOM ) {
$s .= wfMessage( 'thumbnail_error', '' )->escaped();
} else {
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index dcb9d9ac201..2b0351399fe 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -2661,25 +2661,23 @@ class Parser {
}
if ( $ns === NS_FILE ) {
- if ( !$this->badFileLookup->isBadFile( $nt->getDBkey(), $this->getTitle() ) ) {
- if ( $wasblank ) {
- # if no parameters were passed, $text
- # becomes something like "File:Foo.png",
- # which we don't want to pass on to the
- # image generator
- $text = '';
- } else {
- # recursively parse links inside the image caption
- # actually, this will parse them in any other parameters, too,
- # but it might be hard to fix that, and it doesn't matter ATM
- $text = $this->handleExternalLinks( $text );
- $holders->merge( $this->handleInternalLinks2( $text ) );
- }
- # cloak any absolute URLs inside the image markup, so handleExternalLinks() won't touch them
- $s .= $prefix . $this->armorLinks(
- $this->makeImage( $nt, $text, $holders ) ) . $trail;
- continue;
+ if ( $wasblank ) {
+ # if no parameters were passed, $text
+ # becomes something like "File:Foo.png",
+ # which we don't want to pass on to the
+ # image generator
+ $text = '';
+ } else {
+ # recursively parse links inside the image caption
+ # actually, this will parse them in any other parameters, too,
+ # but it might be hard to fix that, and it doesn't matter ATM
+ $text = $this->handleExternalLinks( $text );
+ $holders->merge( $this->handleInternalLinks2( $text ) );
}
+ # cloak any absolute URLs inside the image markup, so handleExternalLinks() won't touch them
+ $s .= $prefix . $this->armorLinks(
+ $this->makeImage( $nt, $text, $holders ) ) . $trail;
+ continue;
} elseif ( $ns === NS_CATEGORY ) {
/**
* Strip the whitespace Category links produce, see T2087
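Review bot: With the guard removed, captions of bad-listed files now pass through `handleExternalLinks()` and `handleInternalLinks2()` and `makeImage()` is always called, so filtering at this site depends entirely on the Linker checks added in this commit. Previously a listed file skipped this block and fell through to the code after the `if`/`elseif` chain, which is outside the hunk, so the output for listed files changes as well as the location of the check. A comment at the top of the `NS_FILE` branch would keep a later reader from assuming the title was already vetted, e.g. `# Bad-file filtering is done in Linker, not here; $nt may be on the bad-file list`.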
--
2.34.1
