dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b813539) | patch
SECURITY: Don't allow embedded application/xml in SVG's
authorcsteipp <csteipp@wikimedia.org>
Tue, 13 Jan 2015 01:00:45 +0000 (17:00 -0800)
committercsteipp <csteipp@wikimedia.org>
Wed, 1 Apr 2015 16:54:59 +0000 (09:54 -0700)
commitbf5f708dc52503a2981cd8f059708f0f773b218d
treed41b86dc97aa69a82f2b2a672a22f754209cb727tree | snapshot
parentb813539d6d802a2a3fa58684fca63f87e8135c03commit | diff
SECURITY: Don't allow embedded application/xml in SVG's

Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.

Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
includes/upload/UploadBase.php diff | blob | history
tests/phpunit/includes/upload/UploadBaseTest.php diff | blob | history
Wiklou, le Wiki du Wiklou