HomePhabricator
Diffusion MediaWiki 02b6f29a69a5

SECURITY: Always expand xml entities when checking SVG's
02b6f29a69a5
Actions

Description

SECURITY: Always expand xml entities when checking SVG's

XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.

Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba

Details

Provenance
csteippAuthored on
Parents
rMW9004770f60f8: SECURITY: Escape > in Html::expandAttributes
Branches
Unknown
Tags
Unknown
ChangeId
I77c77a2d6d22f549e7ef969811f7edd77a45dbba

Changes (3)

PathSize
includes/
libs/
tests/
phpunit/
includes/
upload/

rMW02b6f29a69a5

View Options

includes/libs/XmlTypeCheck.php

Loading...
View Options

tests/phpunit/includes/XmlTypeCheckTest.php

Loading...
View Options

tests/phpunit/includes/upload/UploadBaseTest.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL