// detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings
$attemptEncodings = [ 'UTF-16', 'UTF-16BE', 'UTF-32', 'UTF-32BE' ];
foreach ( $attemptEncodings as $encoding ) {
- MediaWiki\suppressWarnings();
+ Wikimedia\suppressWarnings();
$str = iconv( $encoding, 'UTF-8', $contents );
- MediaWiki\restoreWarnings();
+ Wikimedia\restoreWarnings();
if ( $str != '' && preg_match( "!<\?xml\b(.*?)\?>!si", $str, $matches ) ) {
if ( preg_match( $encodingRegex, $matches[1], $encMatch )
&& !in_array( strtoupper( $encMatch[1] ), self::$safeXmlEncodings )
# image/svg, text/xml, application/xml, and text/html, which can contain scripts
if ( $stripped == 'href' && strncasecmp( 'data:', $value, 5 ) === 0 ) {
// rfc2397 parameters. This is only slightly slower than (;[\w;]+)*.
- // @codingStandardsIgnoreStart Generic.Files.LineLength
+ // phpcs:ignore Generic.Files.LineLength
$parameters = '(?>;[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+=(?>[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+|"(?>[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|\\\\[\0-\x7f])*"))*(?:;base64)?';
- // @codingStandardsIgnoreEnd
if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) {
wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri "