Avoid exposure of local path in PNG thumbnails

author Darian Anthony Patrick <dpatrick@wikimedia.org>

Wed, 12 Aug 2015 19:47:36 +0000 (12:47 -0700)

committer Chad Horohoe <chadh@wikimedia.org>

Fri, 16 Oct 2015 21:51:09 +0000 (14:51 -0700)
author Darian Anthony Patrick <dpatrick@wikimedia.org>
Wed, 12 Aug 2015 19:47:36 +0000 (12:47 -0700)
committer Chad Horohoe <chadh@wikimedia.org>
Fri, 16 Oct 2015 21:51:09 +0000 (14:51 -0700)
diff --git a/includes/media/Bitmap.php b/includes/media/Bitmap.php

index 692e5a6..faf40b3 100644 (file)
--- a/includes/media/Bitmap.php
+++ b/includes/media/Bitmap.php
@@ -161,6 +161,8 @@ class BitmapHandler extends TransformationalImageHandler {
                         ( $params['comment'] !== ''
                                 ? array( '-set', 'comment', $this->escapeMagickProperty( $params['comment'] ) )
                                 : array() ),
+                       // T108616: Avoid exposure of local file path
+                       array( '+set', 'Thumb::URI' ),
                         array( '-depth', 8 ),
                         $sharpen,
                         array( '-rotate', "-$rotation" ),
author	Darian Anthony Patrick <dpatrick@wikimedia.org>
	Wed, 12 Aug 2015 19:47:36 +0000 (12:47 -0700)
committer	Chad Horohoe <chadh@wikimedia.org>
	Fri, 16 Oct 2015 21:51:09 +0000 (14:51 -0700)