Merge "ApiSetNotificationTimestamp: Make entirewatchlist more efficient"

[lhc/web/wiklou.git] / tests / phpunit / includes / upload / UploadBaseTest.php

diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php
index a80262e..58c69e3 100644 (file)
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -143,8 +143,8 @@ class UploadBaseTest extends MediaWikiTestCase {
                        // html5sec SVG vectors
                        [
                                '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
-                               true,
-                               true,
+                               true, /* SVG is well formed */
+                               true, /* Evil SVG detected */
                                'Script tag in svg (http://html5sec.org/#47)'
                        ],
                        [
@@ -509,7 +509,20 @@ class UploadBaseTest extends MediaWikiTestCase {
                                true,
                                false,
                                'DTD with aliased entities apos (Should be allowed)'
-                       ]
+                       ],
+                       [
+                               '<svg xmlns="http://www.w3.org/2000/svg"><g filter="url( \'#foo\' )"></g></svg>',
+                               true,
+                               false,
+                               'SVG with local filter (T69044)'
+                       ],
+                       [
+                               '<svg xmlns="http://www.w3.org/2000/svg"><g filter="url( http://example.com/#foo )"></g></svg>',
+                               true,
+                               true,
+                               'SVG with non-local filter (T69044)'
+                       ],
+
                ];
                // phpcs:enable
        }