transformResourcePath is only supposed to be called with something
that starts with a '/' (absolute path from document root).
While the primary caller (CSSMin) only calls this method if the path
makes sense as a local file path, ResourceLoaderSkinModule did not,
and wgLogo may be set to a full url that includes a domain.
While chance made it so that protocol-including urls were already
discarded, protocol-relative urls were mistaken for being a path
inside the file system root with a duplicate slash (e.g.
'//tmp/foo.txt', as 'foo.txt' in /fmp, instead of '/foo.txt' at
http://tmp).
This should be fixed upstream in the wikimedia/relpath library,
but workaround it for now since it really shouldn't be called
with urls in the first place.
Bug: T155310
Change-Id: I9b063f1219ddeca5cc2c8a48832cdf8c9eaffe58
} else {
$remotePath = $remotePathPrefix;
}
- if ( strpos( $path, $remotePath ) !== 0 ) {
- // Path is outside wgResourceBasePath, ignore.
+ if ( strpos( $path, $remotePath ) !== 0 || substr( $path, 0, 2 ) === '//' ) {
+ // - Path is outside wgResourceBasePath, ignore.
+ // - Path is protocol-relative. Fixes T155310. Not supported by RelPath lib.
return $path;
}
$path = RelPath\getRelativePath( $path, $remotePath );
// Unrelated path with domain component. Ignored.
[ 'baseDir' => $baseDir, 'basePath' => '/w', 'https://example.org/files/test.jpg' ],
[ 'baseDir' => $baseDir, 'basePath' => '/w', '//example.org/files/test.jpg' ],
+ // Unrelated path with domain, and empty base path (root mw install). Ignored.
+ [ 'baseDir' => $baseDir, 'basePath' => '', 'https://example.org/files/test.jpg' ],
+ [ 'baseDir' => $baseDir, 'basePath' => '', '//example.org/files/test.jpg' ], // T155310
];
}
dépôts / lhc / web / wiklou.git / commitdiff