dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a93c415) | patch
SECURITY: Make SVG @import checking case insensitive
authorTyler Romeo <tylerromeo@gmail.com>
Tue, 30 Dec 2014 20:24:04 +0000 (15:24 -0500)
committercsteipp <csteipp@wikimedia.org>
Wed, 1 Apr 2015 16:54:44 +0000 (09:54 -0700)
commitb813539d6d802a2a3fa58684fca63f87e8135c03
tree72e91777aa467f9df048522389123065e5097d2atree | snapshot
parenta93c41542ef7c9d2093e2017f1188568410b8178commit | diff
SECURITY: Make SVG @import checking case insensitive

@import in embedded CSS is case-insensitive, meaning
an attacker can put "@iMpOrT" and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
includes/upload/UploadBase.php diff | blob | history
tests/phpunit/includes/upload/UploadBaseTest.php diff | blob | history
Wiklou, le Wiki du Wiklou