],
[
// This currently doesn't seem to work in any browsers, but in case
- // http://www.w3.org/TR/css3-images/ is implemented for SVG files
+ // https://www.w3.org/TR/css3-images/ is implemented for SVG files
'<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:image(\'sprites.svg#xywh=40,0,20,20\')"/> </svg>',
true,
true,
];
// @codingStandardsIgnoreEnd
}
+
+ /**
+ * @dataProvider provideDetectScriptInSvg
+ */
+ public function testDetectScriptInSvg( $svg, $expected, $message ) {
+ // This only checks some weird cases, most tests are in testCheckSvgScriptCallback() above
+ $result = $this->upload->detectScriptInSvg( $svg, false );
+ $this->assertSame( $expected, $result, $message );
+ }
+
+ public static function provideDetectScriptInSvg() {
+ global $IP;
+ return [
+ [
+ "$IP/tests/phpunit/data/upload/buggynamespace-original.svg",
+ false,
+ 'SVG with a weird but valid namespace definition created by Adobe Illustrator'
+ ],
+ [
+ "$IP/tests/phpunit/data/upload/buggynamespace-okay.svg",
+ false,
+ 'SVG with a namespace definition created by Adobe Illustrator and mangled by Inkscape'
+ ],
+ [
+ "$IP/tests/phpunit/data/upload/buggynamespace-okay2.svg",
+ false,
+ 'SVG with a namespace definition created by Adobe Illustrator and mangled by Inkscape (twice)'
+ ],
+ [
+ "$IP/tests/phpunit/data/upload/buggynamespace-bad.svg",
+ [ 'uploadscriptednamespace', 'i' ],
+ 'SVG with a namespace definition using an undefined entity'
+ ],
+ [
+ "$IP/tests/phpunit/data/upload/buggynamespace-evilhtml.svg",
+ [ 'uploadscriptednamespace', 'http://www.w3.org/1999/xhtml' ],
+ 'SVG with an html namespace encoded as an entity'
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideCheckXMLEncodingMissmatch
+ */
+ public function testCheckXMLEncodingMissmatch( $fileContents, $evil ) {
+ $filename = $this->getNewTempFile();
+ file_put_contents( $filename, $fileContents );
+ $this->assertSame( UploadBase::checkXMLEncodingMissmatch( $filename ), $evil );
+ }
+
+ public function provideCheckXMLEncodingMissmatch() {
+ return [
+ [ '<?xml version="1.0" encoding="utf-7"?><svg></svg>', true ],
+ [ '<?xml version="1.0" encoding="utf-8"?><svg></svg>', false ],
+ [ '<?xml version="1.0" encoding="WINDOWS-1252"?><svg></svg>', false ],
+ ];
+ }
}
class UploadTestHandler extends UploadBase {
);
return [ $check->wellFormed, $check->filterMatch ];
}
+
+ /**
+ * Same as parent function, but override visibility to 'public'.
+ */
+ public function detectScriptInSvg( $filename, $partial ) {
+ return parent::detectScriptInSvg( $filename, $partial );
+ }
}