r64932 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r64932
Date: 12:38, 11 April 2010
Author: catrope
Status: resolved
Comment:
(bug 23148) Escape % in ImageMagick comments. Patch by Derk-Jan Hartman
Modified paths:
  • /trunk/phase3/includes/media/Bitmap.php (modified)

Diff

Index: trunk/phase3/includes/media/Bitmap.php
@@ -157,7 +157,7 @@
158158 // or ImageMagick may decide your ratio is wrong and slice off
159159 // a pixel.
160160 " -thumbnail " . wfEscapeShellArg( "{$physicalWidth}x{$physicalHeight}!" ) .
161 - " -set comment " . wfEscapeShellArg( "{$descriptionUrl}" ) .
 161+ " -set comment " . wfEscapeShellArg( str_replace( '%', '%%', $descriptionUrl ) ) .
162162 " -depth 8 $sharpen " .
163163 wfEscapeShellArg($dstPath) . " 2>&1";
164164 wfDebug( __METHOD__.": running ImageMagick: $cmd\n");
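
Review bot: At new line 161 the '%' doubling sits inline with no comment saying why it is needed, so a later cleanup could drop the str_replace() as redundant next to wfEscapeShellArg(). Add a one-line comment there stating that wfEscapeShellArg() only protects the value from the shell and that '%%' is for ImageMagick's own handling of % in the comment value. It is also worth checking whether the other values in this command, such as $dstPath at line 163, need the same treatment, since they still get shell escaping only; a shared helper for ImageMagick argument escaping would keep them consistent.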

Follow-up revisions

Revision | Commit summary | Author | Date
r64935 | Follow up r64932: Add comment on why % is escaped | btongminh | 13:54, 11 April 2010
r65401 | MFT r64932, bug 23148: ImageMagick comment escaping. Noted security implicati... | tstarling | 15:35, 21 April 2010
r65402 | MFT r64932, bug 23148: ImageMagick comment escaping bug | tstarling | 15:37, 21 April 2010
r65467 | More rigorous fix for ImageMagick parameter interpretation (bug 23148 etc.) b... | tstarling | 16:24, 23 April 2010
r65681 | MFT r65467 (and r64935, r64936, r64947 to sync the base): updated fix for bug... | tstarling | 05:33, 30 April 2010
r65682 | MFT r65467 (and r64935, r64936, r64947 to sync the base): updated fix for bug... | tstarling | 05:37, 30 April 2010

Comments

Comment by Bryan, 10:43, 12 April 2010

Should this be backported to 1.16?

Comment by Tim Starling, 15:29, 21 April 2010

It's a local path disclosure vulnerability, we're not meant to have those. I'm backporting.
