Index: branches/REL1_16/phase3/includes/media/Bitmap.php |
— | — | @@ -155,7 +155,7 @@ |
156 | 156 | // or ImageMagick may decide your ratio is wrong and slice off |
157 | 157 | // a pixel. |
158 | 158 | " -thumbnail " . wfEscapeShellArg( "{$physicalWidth}x{$physicalHeight}!" ) . |
159 | | - " -set comment " . wfEscapeShellArg( "{$descriptionUrl}" ) . |
| 159 | + " -set comment " . wfEscapeShellArg( str_replace( '%', '%%', $descriptionUrl ) ) . |
160 | 160 | " -depth 8 $sharpen " . |
161 | 161 | wfEscapeShellArg($dstPath) . " 2>&1"; |
162 | 162 | wfDebug( __METHOD__.": running ImageMagick: $cmd\n"); |
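Review bot: The new `str_replace( '%', '%%', $descriptionUrl )` on the `-set comment` line (+159) carries no comment explaining why the percent sign is doubled, and the comment block above it only covers `-thumbnail`. `wfEscapeShellArg()` protects against the shell only; ImageMagick itself expands `%` escape sequences in the comment value, which is what the doubling neutralizes. Add a short comment saying so, with a reference to bug 23148, so that a later cleanup does not remove the call as redundant escaping. If other ImageMagick arguments in this command are ever built from page-derived strings, the same escaping would be better placed in a small helper than repeated inline.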
Property changes on: branches/REL1_16/phase3/includes/media/Bitmap.php |
___________________________________________________________________ |
Name: svn:mergeinfo |
163 | 163 | + /branches/REL1_15/phase3/includes/media/Bitmap.php:51646 |
/branches/sqlite/includes/media/Bitmap.php:58211-58321 |
/branches/wmf-deployment/includes/media/Bitmap.php:53381 |
/trunk/phase3/includes/media/Bitmap.php:63549,63764,63897-63901,64876,64881,64932 |
Index: branches/REL1_16/phase3/RELEASE-NOTES |
— | — | @@ -53,6 +53,8 @@ |
54 | 54 | showed the same text. |
55 | 55 | * (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements |
56 | 56 | in page views and previews when the language converter is enabled. |
| 57 | +* (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image |
| 58 | + scaling, which was introduced in 1.16 beta 1. |
57 | 59 | |
58 | 60 | === Changes since 1.16 beta 1 === |
59 | 61 | |
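Review bot: The entry added at +57/+58 names the vulnerability but gives operators nothing to act on. The Bitmap.php change in this commit alters what is written into the thumbnail's comment field, so the note should say whether thumbnails already generated by ImageMagick under 1.16 beta 1 need to be purged and regenerated after upgrading. It would also help to say that only installations scaling with ImageMagick are affected, so that administrators using other scalers can rule themselves out.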