Page MenuHomePhabricator

CSSMin does file_exist() on embedded data: urls causing php warnings
Closed, ResolvedPublic

Description

Author: stroupb

Description:
After updating to 1.21 and still after updating to 1.22.2, the Vector skin doesn't load properly. This happens with every page on the wiki all the time. Other skins work just fine. The content of the pages load without any issues, it just isn't formatted. No divs or tabs, just a column of text.

I tried to get help on the Support Desk so there might be some useful information at http://www.mediawiki.org/w/index.php?title=Project:Support_desk&limit=20#Vector_Skin_Not_Loading_After_Update_to_1.22_38821.


Version: 1.22.2
Severity: normal
OS: Windows Server 2008
Platform: PC
URL: https://www.mediawiki.org/wiki/Thread:Project:Support_desk/Vector_Skin_Not_Loading_After_Update_to_1.22

Details

Reference
bz60960

Event Timeline

bzimport raised the priority of this task from to Normal.
bzimport set Reference to bz60960.
bzimport created this task.Feb 6 2014, 1:09 PM
  • Bug 60961 has been marked as a duplicate of this bug. ***

MW 1.22.2 PHP 5.4.1 MySQL 5.5.24

Ciencia Al Poder commented on the Support Desk thread:
This seems to be a bug.
https://git.wikimedia.org/blob/mediawiki%2Fcore.git/REL1_22/includes%2Flibs%2FCSSMin.php#L76
It's looking for file_exists() based on the match of URL_REGEX, which only
takes into account all url() values in CSS, but it doesn't filter for data:
URL, which is unnecessarily feeding file_exists() for data: URLs that aren't
going to be found on the server.
In fact, I don't see any further validation on those paths, so I don't know
if a malicious CSS file can expose any file accessible from PHP.

The relevant error message:

PHP Warning: file_exists(): File name is longer than the maximum allowed path length on this platform (260): C:\inetpub\wwwroot\w/skins/vector/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFgAAAAQCAMAAAClQEgHAAADAFBMVEXz+fv/91w/+t3P/G0NOh2v/N2evy/v665f/O7P7O8f/C5f+FuuePtcGW1v+O0f6g1v/a1cvCsnHx45T5+vzKwq2+rGN5xP/f2s/6+vme1v+b1P+HzP+W0v9zwf+Uv86+rXT+/uuFxPTEsmWi3f/Y8v+z3/+Y1k1IuZ2v9xxP/JtmTo7POJw+664v/C7f+xx+F+tuPj5ufq7e2Ktsbs8fl9zP/R3vDD6v/Ny4v1/v+Gy/+zz6utvcKJxPLU7v+Ou87Wz768zJShydqUsrx3xf+9WUyvS02Oqn3v+j3frZ6M3i9v/Nw3uw3f+98/+Erb7It4iSuuLbx2uIrbqCteJxw/++5v+Lzv/K1NXt/P+9rWi/soaxqZDPzMZsvv/r6ufy8O319vdovf/+/f3x7+qt3/++tqTy8vDf2czIslD29vWq2v/8/Pu+rnfBs4hnu/+Rz/9uwP/V0s3n03fo5uGk1HwK7Pu2nk3tPRybb57ave2tPDsnaDyf/5+Pb6+ozt/J4czO2ark9Py7q3T9/f78/f2SwPCTwdC0xMfd+f+R0f+W0unFvmjR3Oyc0PqyxdvO6fmt2u7b4OHn6+zP2dp2uvHV4vP58szv/P/DvXPM+AzP/x5avC0pP2+fyNs8J/u+zU3em5rW16tejU7e2q19bA5fnVxXl0wf++2bLbynx8tdHh5/H16ar/zP1NvOvGjAs4/l5rnv+erbHLvGj///l+uufCtI/09fb6+/vO3PC93c/a8fmv3P/z9ficyuWw3/+our3BrnOHt+KR1/+24v3Numje2dDW7+TH in C:\inetpub\wwwroot\w\includes\libs\CSSMin.php on line 76

This may only happen on windows, which has a shorter path length than windows.

Change 115895 had a related patch set uploaded by Bartosz Dziewoński:
CSSMin: Don't do file_exists on random data in getLocalFileReferences()

https://gerrit.wikimedia.org/r/115895

(In reply to stroupb from comment #0)

After updating to 1.21 and still after updating to 1.22.2, the Vector skin
doesn't load properly. This happens with every page on the wiki all the
time. Other skins work just fine. The content of the pages load without any
issues, it just isn't formatted. No divs or tabs, just a column of text.

I tried to get help on the Support Desk so there might be some useful
information at
http://www.mediawiki.org/w/index.php?title=Project:
Support_desk&limit=20#Vector_Skin_Not_Loading_After_Update_to_1.22_38821.

Permalink:
https://www.mediawiki.org/wiki/Thread:Project:Support_desk/Vector_Skin_Not_Loading_After_Update_to_1.22#Vector_Skin_Not_Loading_After_Update_to_1.22_38821

Change 115895 merged by jenkins-bot:
CSSMin: Don't do file_exists on random data in getLocalFileReferences()

https://gerrit.wikimedia.org/r/115895

This will be fixed in the 1.23.0 release. Thank you for the report!