
svgmetadatalimit.diff

Authored By
bzimport
Nov 21 2014, 11:25 PM
Size
2 KB

svgmetadatalimit.diff

Index: includes/DefaultSettings.php
===================================================================
--- includes/DefaultSettings.php (revision 83254)
+++ includes/DefaultSettings.php (working copy)
@@ -675,6 +675,9 @@
$wgSVGConverterPath = '';
/** Don't scale a SVG larger than this */
$wgSVGMaxSize = 2048;
+/** Don't read SVG metadata beyond this point.
+ * Default is 1024*256 bytes */
+$wgSVGMetadataCutoff = 262144;
/**
* MediaWiki will reject HTMLesque tags in uploaded files due to idiotic browsers which can't
Index: includes/media/SVGMetadataExtractor.php
===================================================================
--- includes/media/SVGMetadataExtractor.php (revision 83254)
+++ includes/media/SVGMetadataExtractor.php (working copy)
@@ -47,13 +47,33 @@
* @param $source String: URI from which to read
*/
function __construct( $source ) {
+ global $wgSVGMetadataCutoff;
$this->reader = new XMLReader();
- $this->reader->open( $source, null, LIBXML_NOERROR | LIBXML_NOWARNING );
+ if ( filesize( $source ) > $wgSVGMetadataCutoff ) {
+ $contents = file_get_contents( $source, false, null, -1, $wgSVGMetadataCutoff );
+ if ($source === false) {
+ throw new MWException( 'Error reading svg file.' );
+ }
+ $this->reader->XML( $contents, null, LIBXML_NOERROR | LIBXML_NOWARNING );
+ } else {
+ $this->reader->open( $source, null, LIBXML_NOERROR | LIBXML_NOWARNING );
+ }
+
$this->metadata['width'] = self::DEFAULT_WIDTH;
$this->metadata['height'] = self::DEFAULT_HEIGHT;
- $this->read();
+ // Because we cut off the end of the svg making an invalid one. Complicated
+ // try catch thing to make sure warnings get restored. Seems like their should
+ // be a better way.
+ wfSuppressWarnings();
+ try {
+ $this->read();
+ } catch( Exception $e ) {
+ wfRestoreWarnings();
+ throw $e;
+ }
+ wfRestoreWarnings();
}
/*
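Review bot: The read-failure check in the truncation branch tests the wrong variable: `if ($source === false)` can never be true for a path whose `filesize()` just exceeded the cutoff, so a failed `file_get_contents()` would hand `false` to `XML()`; it should read `if ( $contents === false ) {`. The offset argument `-1` is also worth revisiting, because PHP 7.1 and later treat a negative offset as counting from the end of the stream, whereas `0` reads from the start. The byte cutoff bounds how much of an uploaded file is read, not what the parser does with it; whether entity expansion is restricted on the small-file `open()` path is not visible in this hunk and should be confirmed. The constructor's docblock starts above the hunk.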
@@ -98,10 +118,14 @@
$this->readField( $tag, 'description' );
} elseif ( $this->qualifiedNameEquals( $tag, 'svg', 'metadata' ) && $type == XmlReader::ELEMENT ) {
$this->readXml( $tag, 'metadata' );
- } elseif ( $tag !== '#text' ) {
+ } else {
$this->debug( "Unhandled top-level XML tag $tag" );
- $this->animateFilter( $tag );
- //$skip = true;
+
+ $skip = true;
+ if ( $tag !== '#text' && !isset( $this->metadata['animated'] ) ) {
+ $skip = false;
+ $this->animateFilter( $tag );
+ }
}
if ($skip) {
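Review bot: With the `$tag !== '#text'` test moved inside the `else`, the `$this->debug( "Unhandled top-level XML tag $tag" )` call now runs for every text node, which the old `elseif` excluded; guarding it with `if ( $tag !== '#text' )` keeps the debug log readable. The inner condition would also benefit from a one-line comment such as `// Once animation has been detected, skip unhandled subtrees instead of descending into them`, since that is presumably why `isset( $this->metadata['animated'] )` is tested. The enclosing loop and the initialisation of `$skip` lie outside the hunk.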
