const FILETYPE_MISSING = 8;
const FILETYPE_BADTYPE = 9;
const VERIFICATION_ERROR = 10;
-
- # HOOK_ABORTED is the new name of UPLOAD_VERIFICATION_ERROR
- const UPLOAD_VERIFICATION_ERROR = 11;
const HOOK_ABORTED = 11;
const FILE_TOO_LARGE = 12;
const WINDOWS_NONASCII_FILENAME = 13;
'<a href',
'<body',
'<head',
- '<html', #also in safari
+ '<html', # also in safari
'<img',
'<pre',
- '<script', #also in safari
+ '<script', # also in safari
'<table'
);
# image/svg, text/xml, application/xml, and text/html, which can contain scripts
if ( $stripped == 'href' && strncasecmp( 'data:', $value, 5 ) === 0 ) {
// rfc2397 parameters. This is only slightly slower than (;[\w;]+)*.
+ // @codingStandardsIgnoreStart Generic.Files.LineLength
$parameters = '(?>;[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+=(?>[a-zA-Z0-9\!#$&\'*+.^_`{|}~-]+|"(?>[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|\\\\[\0-\x7f])*"))*(?:;base64)?';
+ // @codingStandardsIgnoreEnd
+
if ( !preg_match( "!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i", $value ) ) {
wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri "
. "\"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" );
}
}
- return false; //No scripts detected
+ return false; // No scripts detected
}
/**
$output = trim( $output );
if ( !$output ) {
- $output = true; #if there's no output, return true
+ $output = true; # if there's no output, return true
} elseif ( $msgPattern ) {
$groups = array();
if ( preg_match( $msgPattern, $output, $groups ) ) {