From e4fcbad4640b079c862a3256a065eada4ce46b72 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Mon, 13 Jun 2016 04:52:21 -0400
Subject: [PATCH] Add -dSAFER to ghostscript as a hardening measure

-dSAFER disables certain scary features of ghostscript
(like arbitrary file access). Its primarily about postscript
security, but enable it for pdfs to be safe.

Bug: T136402
Change-Id: I0ab37ddb5d134334e975bc07d3b9ba7bfc7a5659
---
 PdfHandler_body.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/PdfHandler_body.php b/PdfHandler_body.php
index 36a52dd..dae9820 100644
--- a/PdfHandler_body.php
+++ b/PdfHandler_body.php
@@ -201,6 +201,7 @@ class PdfHandler extends ImageHandler {
 			"-sOutputFile=-",
 			"-dFirstPage={$page}",
 			"-dLastPage={$page}",
+			"-dSAFER",
 			"-r{$wgPdfHandlerDpi}",
 			"-dBATCH",
 			"-dNOPAUSE",
-- 
2.0.1