Index: includes/media/SVGMetadataExtractor.php =================================================================== --- includes/media/SVGMetadataExtractor.php (revision 82956) +++ includes/media/SVGMetadataExtractor.php (working copy) @@ -39,6 +39,7 @@ private $reader = null; private $mDebug = false; private $metadata = Array(); + private $filesize = 0; /** * Constructor @@ -49,6 +50,7 @@ function __construct( $source ) { $this->reader = new XMLReader(); $this->reader->open( $source, null, LIBXML_NOERROR | LIBXML_NOWARNING ); + $this->filesize = filesize( $source ); $this->metadata['width'] = self::DEFAULT_WIDTH; $this->metadata['height'] = self::DEFAULT_HEIGHT; @@ -67,6 +69,7 @@ * Read the SVG */ public function read() { + global $wgSVGMaxFilesize; $keepReading = $this->reader->read(); /* Skip until first element */ @@ -98,10 +101,20 @@ $this->readField( $tag, 'description' ); } elseif ( $this->qualifiedNameEquals( $tag, 'svg', 'metadata' ) && $type == XmlReader::ELEMENT ) { $this->readXml( $tag, 'metadata' ); - } elseif ( $tag !== '#text' ) { + } else { $this->debug( "Unhandled top-level XML tag $tag" ); - $this->animateFilter( $tag ); - //$skip = true; + + /* By default we will want to skip everything that we don't recognize. + * If we don't skip, and walk entire files, than limit this to cases + * where the filesize is < wgSVGMaxFilesize */ + $skip = true; + $this->debug( "Filesize: " . $this->filesize . " SVGMaxFilesize: " . $wgSVGMaxFilesize ); + if ( $tag !== '#text' && $this->filesize < $wgSVGMaxFilesize ) { + if( !isset( $this->metadata['animated']) ) { + $skip = false; + $this->animateFilter( $tag ); + } + } } if ($skip) { Index: includes/DefaultSettings.php =================================================================== --- includes/DefaultSettings.php (revision 82956) +++ includes/DefaultSettings.php (working copy) @@ -675,6 +675,9 @@ $wgSVGConverterPath = ''; /** Don't scale a SVG larger than this */ $wgSVGMaxSize = 2048; +/** Don't parse an SVG larger than this + * Default is 1024*1024*10 bytes */ +$wgSVGMaxFilesize = 10485760; /** * MediaWiki will reject HTMLesque tags in uploaded files due to idiotic browsers which can't