dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge "ApiSetNotificationTimestamp: Make entirewatchlist more efficient"
[lhc/web/wiklou.git] / tests / phpunit / includes / upload / UploadBaseTest.php
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php
index 3541091..58c69e3 100644 (file)
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -143,8 +143,8 @@ class UploadBaseTest extends MediaWikiTestCase {
                        // html5sec SVG vectors
                        [
                                '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
-                               true,
-                               true,
+                               true, /* SVG is well formed */
+                               true, /* Evil SVG detected */
                                'Script tag in svg (http://html5sec.org/#47)'
                        ],
                        [
@@ -509,7 +509,20 @@ class UploadBaseTest extends MediaWikiTestCase {
                                true,
                                false,
                                'DTD with aliased entities apos (Should be allowed)'
-                       ]
+                       ],
+                       [
+                               '<svg xmlns="http://www.w3.org/2000/svg"><g filter="url( \'#foo\' )"></g></svg>',
+                               true,
+                               false,
+                               'SVG with local filter (T69044)'
+                       ],
+                       [
+                               '<svg xmlns="http://www.w3.org/2000/svg"><g filter="url( http://example.com/#foo )"></g></svg>',
+                               true,
+                               true,
+                               'SVG with non-local filter (T69044)'
+                       ],
+
                ];
                // phpcs:enable
        }
@@ -562,7 +575,7 @@ class UploadBaseTest extends MediaWikiTestCase {
        public function testCheckXMLEncodingMissmatch( $fileContents, $evil ) {
                $filename = $this->getNewTempFile();
                file_put_contents( $filename, $fileContents );
-               $this->assertSame( UploadBase::checkXMLEncodingMissmatch( $filename ), $evil );
+               $this->assertSame( $evil, UploadBase::checkXMLEncodingMissmatch( $filename ) );
        }
 
        public function provideCheckXMLEncodingMissmatch() {
Wiklou, le Wiki du Wiklou