HomePhabricator
Diffusion MediaWiki 7c19043d1dc2

SECURITY: Make SVG @import checking case insensitive
7c19043d1dc2
Actions

Description

SECURITY: Make SVG @import checking case insensitive

@import in embedded CSS is case-insensitive, meaning
an attacker can put "@iMpOrT" and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1

Details

Provenance
Parent5446Authored on
csteippCommitted on Mar 31 2015, 12:53 PM
Parents
rMW455591a7a5c0: build: Add Karma task for automated QUnit testing in browsers
Branches
Unknown
Tags
Unknown
ChangeId
I31db9d81f46460af2d8d3f161ba46c2ab7a170d1

Changes (2)

PathSize
includes/
upload/
tests/
phpunit/
includes/
upload/

rMW7c19043d1dc2

View Options

includes/upload/UploadBase.php

Loading...
View Options

tests/phpunit/includes/upload/UploadBaseTest.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL