From d1156d7302acf9520b28f5931e299d8d10814314 Mon Sep 17 00:00:00 2001
From: Arlo Breault
Date: Thu, 29 Jun 2023 17:03:15 -0400
Subject: [PATCH] SECURITY: Move badFile lookup to Linker
Bug: T335612
Change-Id: I849d02f1d3dc9995353b7a9995601d214053dca3
---
 includes/Linker.php | 13 +++++++++++--
 includes/parser/Parser.php | 34 ++++++++++++++++------------------
 2 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/includes/Linker.php b/includes/Linker.php
index 83e4219094c..411d217b0ac 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -443,7 +443,10 @@ class Linker {
 $thumb = false;
 }
- if ( !$thumb ) {
+ $isBadFile = $file && $thumb && $parser &&
+ $parser->getBadFileLookup()->isBadFile( $title->getDBkey(), $parser->getTitle() );
+
+ if ( !$thumb || $isBadFile ) {
 $rdfaType = 'mw:Error ' . $rdfaType;
 $label = '';
 if ( $enableLegacyMediaDOM ) {
@@ -712,6 +715,12 @@ class Linker {
 . "
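Review bot: The new `$isBadFile` check is fail-open when no parser is passed: with `$parser` falsy the `&&` chain short-circuits and the thumbnail is emitted without consulting the bad-file list. The `@@ -712,6 +715,12 @@` hunk repeats the guard, and there it also passes `$manual_title` where the other branch passes `$title->getDBkey()`; its definition is outside the hunks, so if it is a Title object rather than a DB-key string, confirm `isBadFile()` accepts that or pass the key instead. Because the Parser.php hunk removes the parser-side lookup, these two sites are now the only enforcement, so I would record the limit next to the guard: `// No parser, no page context: the bad-file list is not consulted for such callers`. The enclosing methods start and end outside the hunks.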
"; } + $isBadFile = $exists && $thumb && $parser && + $parser->getBadFileLookup()->isBadFile( + $manualthumb ? $manual_title : $title->getDBkey(), + $parser->getTitle() + ); + if ( !$exists ) { $label = ''; if ( $enableLegacyMediaDOM ) { @@ -723,7 +732,7 @@ class Linker { $title, $label, '', '', '', (bool)$time, $handlerParams ); $zoomIcon = ''; - } elseif ( !$thumb ) { + } elseif ( !$thumb || $isBadFile ) { if ( $enableLegacyMediaDOM ) { $s .= wfMessage( 'thumbnail_error', '' )->escaped(); } else { diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php index dcb9d9ac201..2b0351399fe 100644 --- a/includes/parser/Parser.php +++ b/includes/parser/Parser.php 
@@ -2661,25 +2661,23 @@ class Parser {
 }
 if ( $ns === NS_FILE ) {
- if ( !$this->badFileLookup->isBadFile( $nt->getDBkey(), $this->getTitle() ) ) {
- if ( $wasblank ) {
- # if no parameters were passed, $text
- # becomes something like "File:Foo.png",
- # which we don't want to pass on to the
- # image generator
- $text = '';
- } else {
- # recursively parse links inside the image caption
- # actually, this will parse them in any other parameters, too,
- # but it might be hard to fix that, and it doesn't matter ATM
- $text = $this->handleExternalLinks( $text );
- $holders->merge( $this->handleInternalLinks2( $text ) );
- }
- # cloak any absolute URLs inside the image markup, so handleExternalLinks() won't touch them
- $s .= $prefix . $this->armorLinks(
- $this->makeImage( $nt, $text, $holders ) ) . $trail;
- continue;
+ if ( $wasblank ) {
+ # if no parameters were passed, $text
+ # becomes something like "File:Foo.png",
+ # which we don't want to pass on to the
+ # image generator
+ $text = '';
+ } else {
+ # recursively parse links inside the image caption
+ # actually, this will parse them in any other parameters, too,
+ # but it might be hard to fix that, and it doesn't matter ATM
+ $text = $this->handleExternalLinks( $text );
+ $holders->merge( $this->handleInternalLinks2( $text ) );
 }
+ # cloak any absolute URLs inside the image markup, so handleExternalLinks() won't touch them
+ $s .= $prefix . $this->armorLinks(
+ $this->makeImage( $nt, $text, $holders ) ) . $trail;
+ continue;
 } elseif ( $ns === NS_CATEGORY ) {
 /**
 * Strip the whitespace Category links produce, see T2087
--
2.34.1
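Review bot: Nothing at the `NS_FILE` branch now says where bad files are rejected, and with the `isBadFile()` guard gone every `File:` link, listed or not, has its caption run through `handleExternalLinks()` and `handleInternalLinks2()` and is handed to `makeImage()`. Enforcement therefore depends on `makeImage()` reaching the Linker code with this parser attached, which is outside the hunk and worth confirming. I would add a comment above `if ( $wasblank ) {` such as `# Bad-file filtering is done in Linker via getBadFileLookup(); keep passing the parser down`. The diffstat shows only Linker.php and Parser.php changed, so a parser test covering a listed file would help keep the two halves in step. The enclosing loop starts and ends outside the hunk.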