--- mediawiki-1.12.0.orig/debian/mediawiki-math.install
+++ mediawiki-1.12.0/debian/mediawiki-math.install
@@ -0,0 +1 @@
+math/texvc usr/bin
--- mediawiki-1.12.0.orig/debian/mediawiki.links
+++ mediawiki-1.12.0/debian/mediawiki.links
@@ -0,0 +1,7 @@
+etc/mediawiki/LocalSettings.php var/lib/mediawiki/LocalSettings.php
+etc/mediawiki/AdminSettings.php var/lib/mediawiki/AdminSettings.php
+var/lib/mediawiki/LocalSettings.php usr/share/mediawiki/LocalSettings.php
+var/lib/mediawiki/AdminSettings.php usr/share/mediawiki/AdminSettings.php
+var/lib/mediawiki/config usr/share/mediawiki/config
+var/lib/mediawiki/images usr/share/mediawiki/images
+var/lib/mediawiki/extensions usr/share/mediawiki/extensions
--- mediawiki-1.12.0.orig/debian/mediawiki.examples
+++ mediawiki-1.12.0/debian/mediawiki.examples
@@ -0,0 +1 @@
+AdminSettings.sample
--- mediawiki-1.12.0.orig/debian/README.Debian
+++ mediawiki-1.12.0/debian/README.Debian
@@ -0,0 +1,104 @@ +mediawiki for Debian +-------------------- + + +Optional features: + - Image thumbnailing : + Install 'php5-gd' or 'imagemagick' to use this feature. + - LaTeX-compatible math equations rendering : + Install 'texlive-latex-base', 'imagemagick' and a Ghostscript interpreter + ('gs-gpl' or 'gs-esp') to use this feature. + To be able to render non-ASCII characters, also install 'cjk-latex'. + Uncomment the following line in '/etc/mediawiki/LocalSettings.php' : + $wgUseTeX = true; + +Configuration: + The configuration uses an easy web-based system ; just go to this URL : + http://www.myserver.org/mediawiki/config/index.php + (replace by your own servername) + You may of course configure your webserver to serve this URL. A default + configuration can be found in /etc/mediawiki/. Apache and cherokee users + may have linked this in their configuration automatically if they asked + the installer to do so. + Then just copy the generated config to the real system location : + mv /var/lib/mediawiki/config/LocalSettings.php \ + /etc/mediawiki + You should change file permissions for LocalSettings.php as required to + prevent other users on the server from reading passwords and + altering configuration data. + . + Warning: to make this work, we have to define MW_INSTALL_PATH. This is done + automatically in this package. However, you may change this later if you plan + to set up multisite wikis. + After being configured, you should begin your surf on your new wiki using this url: + http://www.myserver.org/mediawiki + (replace by your own servername) + Enjoy !!! + +Security concerns: + 1) priviledge separation: + Once installed, you can improve security by separating sql priviledges. Thus having your standard + sql account be granted only SELECT/INSERT/DELETE/UPDATE on your mediawiki database, and an additional + account used for maintenance with additional CREATE/DROP/ALTER rights. 
+ To use this feature, you only need to setup an additional account in the database and provide + the new credentials into /etc/mediawiki/AdminSettings.php (/usr/share/doc/mediawiki/examples contains + an example). Then don't forget to lower rights of the primary account. + 2) file upload check: + You can activate file upload virus checking by installing the 'clamav' package and setting the + following in LocalSettings.php: + $wgAntivirus = 'clamav'; + +Upgrading the database: + When upgrading to new releases, the database may need an upgrade before your wiki is able to + work. Here is a rapid sketch: + 1) Dump your database to a text file. + mysqldump --add-drop-table -u -p > /path/to/file.sql + 2) You will need an AdminSettings.php file. + If you don't have any, a sample is available at: + /usr/share/doc/mediawiki/examples/AdminSettings.sample + You may fill in this file and copy it in /etc/mediawiki. + If you use the mysql root account, you may delete it afterward. + 3) Then run this command: + php /var/lib/mediawiki/maintenance/update.php + This shall need a proper php5 binary, as provided in php5-cli + +Upgrading from mediawiki1.x packages: + A rapid sketch of what you need to do is as follow: + 1) Dump your database to a text file. + mysqldump --add-drop-table -u -p > /path/to/file.sql + 2) Copy the configuration files from /etc/mediawiki1.x to /var/lib/mediawiki and make them writable for + your webserver user -- usualy www-data. + cp /var/lib/mediawiki1.x/LocalSettings.php /etc/mediawiki + cp /var/mediawiki1.x/AdminSettings.php /etc/mediawiki (if exists) + 3) Add the following line at the begining of your /etc/mediawiki/LocalSettings.php if it does not exist: + define(MW_INSTALL_PATH,"/var/lib/mediawiki"); + 4) Execute the update script: + You will need an AdminSettings.php file. + If you don't have any, a sample is available at: + /usr/share/doc/mediawiki/examples/AdminSettings.sample + You may fill in this file and copy it in /etc/mediawiki. 
+ If you use the mysql root account, you may delete it afterward. + Then run this command: + php /var/lib/mediawiki/maintenance/update.php + This shall need a proper php5 binary, as provided in php5-cli + 5) Execute the rebuildall script: + php /var/lib/mediawiki/maintenance/rebuildall.php + 6) Copy the old upload directory (this location has been switched to /images, according to upstream): + cp -rf /var/lib/mediawiki1.x/upload/* /var/lib/mediawiki/images/ + 7) Update your web server configuration to point to /var/lib/mediawiki + +Configuring apache and MySQL: + A good how-to to correctly setup the application used by mediawiki can be found there: + http://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_GNU/Linux + But, of course, you should NOT do the part that talks about mediawiki installation itself :) + +Editing and Syntax: + MediaWiki syntax is rather complex. + To prevent this README file from becoming a manual, + we don't provide here instructions on MediaWiki syntax. + But you can point your browser to this page: + http://meta.wikimedia.org/wiki/Help:Editing + Where you will find all that you'd like to know about it! + +-- Romain Beauxis and Marc Dequènes (Duck) + --- mediawiki-1.12.0.orig/debian/rules +++ mediawiki-1.12.0/debian/rules 
@@ -0,0 +1,62 @@ +#!/usr/bin/make -f + +MANPAGES := debian/texvc.1 + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk + +# In order to regenerate 'debian/control' : +# DEB_AUTO_UPDATE_DEBIAN_CONTROL=yes fakeroot debian/rules clean +# Then check manually if everything's ok + +DEB_DH_SHLIBDEPS_ARGS := -Xdebian/mediawiki-math/usr/bin/texvc.bc + + +build/mediawiki-math:: $(MANPAGES) + if [ -x /usr/bin/ocamlopt ]; then\ + make -C math texvc;\ + else\ + make -C math texvc.bc;\ + mv math/texvc.bc math/texvc;\ + fi + +%.1: %.xml + xsltproc -nonet -o $@ /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/manpages/docbook.xsl $< + +binary-install/mediawiki:: + cp -rf $(CURDIR)/debian/etc/* $(CURDIR)/debian/mediawiki/etc/mediawiki + chmod a+x debian/mediawiki/usr/share/mediawiki/maintenance/fetchInterwiki.pl + chmod a+x debian/mediawiki/usr/share/mediawiki/maintenance/postgres/compare_schemas.pl + chmod a+x debian/mediawiki/usr/share/mediawiki/maintenance/postgres/mediawiki_mysql2postgres.pl + chmod -x debian/mediawiki/usr/share/mediawiki/includes/SpecialProtectedtitles.php + find debian/mediawiki/usr/share/mediawiki -maxdepth 1 -mindepth 1 | grep -v "\(LocalSettings.php\|AdminSettings.php\|debian-scripts\|images\|extensions\|config\)" | \ + while read i; do \ + dh_link "`echo "$$i" | sed -e s#debian/mediawiki/##`" \ + "`echo "$$i" | sed -e s#debian/mediawiki/usr/share/mediawiki/#var/lib/mediawiki/#`"; \ + done + # Remove Makefiles + find debian/mediawiki/ -iname makefile -exec rm {} \; + # License added to copyright file: + rm -rf debian/mediawiki/usr/share/mediawiki/skins/common/images/icons/COPYING + # Add linda override about a class called Licence.php + cp $(CURDIR)/debian/mediawiki.linda-override $(CURDIR)/debian/mediawiki/usr/share/linda/overrides/mediawiki + +binary-install/mediawiki-math:: + if [ -x /usr/bin/ocamlopt ]; then\ + echo "interpreter:Depends=" >> debian/mediawiki-math.substvars;\ + else\ + echo 
"interpreter:Depends=ocaml-base-nox" >> debian/mediawiki-math.substvars;\ + fi + + +binary-predeb/mediawiki:: + find debian/mediawiki -depth \( -name ".cvsignore" -o -name ".arch-ids" \) -exec rm -rf {} \; + +binary-predeb/mediawiki-math:: + find debian/mediawiki-math -depth \( -name ".cvsignore" -o -name ".arch-ids" \) -exec rm -rf {} \; + +clean:: + rm -f $(MANPAGES) + make -C math clean + debconf-updatepo + --- mediawiki-1.12.0.orig/debian/templates +++ mediawiki-1.12.0/debian/templates @@ -0,0 +1,17 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# for an advice to debian-l10n-english@lists.debian.org +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: mediawiki/webserver +Type: multiselect +Choices: apache, apache-ssl, apache2, cherokee +Default: apache2 +_Description: Web server(s) to configure automatically: + Please select the web server(s) that should be configured + automatically for MediaWiki. + --- mediawiki-1.12.0.orig/debian/mediawiki.config +++ mediawiki-1.12.0/debian/mediawiki.config @@ -0,0 +1,15 @@ +#!/bin/sh + +# Debconf config script for mediawiki + +set -e + +# Source debconf library +. /usr/share/debconf/confmodule + +db_input medium mediawiki/webserver || true +db_go + +db_stop + +exit 0 --- mediawiki-1.12.0.orig/debian/mediawiki.linda-override +++ mediawiki-1.12.0/debian/mediawiki.linda-override @@ -0,0 +1,2 @@ +Tag: extra-license-file +Data: usr/share/mediawiki/includes/Licenses.php --- mediawiki-1.12.0.orig/debian/mediawiki.install +++ mediawiki-1.12.0/debian/mediawiki.install @@ -0,0 +1,2 @@ +*.php *.phtml includes index.php install-utils.inc languages maintenance skins usr/share/mediawiki +config extensions var/lib/mediawiki --- mediawiki-1.12.0.orig/debian/mediawiki.postinst +++ mediawiki-1.12.0/debian/mediawiki.postinst 
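Review bot: The `find ... | grep -v "\(LocalSettings.php\|AdminSettings.php\|debian-scripts\|images\|extensions\|config\)"` filter in `binary-install/mediawiki::` is unanchored, so any top-level entry whose name merely contains one of those words (a future `config.php`, say) is silently left out of the `/var/lib/mediawiki` symlink tree; anchor it, e.g. `grep -v "/\(LocalSettings.php\|AdminSettings.php\|debian-scripts\|images\|extensions\|config\)$"`. The `while read i` loop should also be `while IFS= read -r i` so backslashes and leading whitespace in names are not mangled. A one-line comment above the loop saying that everything except the state and configuration directories is symlinked into the web root would make the intent of the exclusion list clear to the next maintainer.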
@@ -0,0 +1,71 @@
+#! /bin/sh
+# postinst script for mediawiki
+#
+# see: dh_installdeb(1)
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "$1" in
+ configure)
+
+ db_get mediawiki/webserver || true
+ webserver=$RET
+
+ webserver=`echo $webserver|sed -e 's/, */ /g'`
+
+ for i in $webserver; do
+ if [ "$webserver" != "cherokee" ]; then
+ if [ ! -d /etc/$i/conf.d/ ]; then
+ install -d -m755 /etc/$i/conf.d/
+ fi
+ if [ ! -e /etc/$i/conf.d/mediawiki.conf ]; then
+ ln -s /etc/mediawiki/apache.conf \
+ /etc/$i/conf.d/mediawiki.conf
+ if [ -f /etc/init.d/$i ]; then
+ if which invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d $i reload
+ else
+ /etc/init.d/$i reload
+ fi
+ fi
+ fi
+ else
+ if [ ! -d /etc/cherokee/sites-available/ ]; then
+ install -d -m755 /etc/cherokee/sites-available/
+ fi
+ if [ ! -e /etc/cherokee/sites-available/mediawiki ]; then
+ ln -s /etc/mediawiki/cherokee.conf \
+ /etc/cherokee/sites-available/mediawiki
+ if [ -f /etc/init.d/$i ]; then
+ if which invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d $i reload
+ else
+ /etc/init.d/$i reload
+ fi
+ fi
+ fi
+ fi
+ done
+
+ chown -R www-data:www-data /var/lib/mediawiki/config /var/lib/mediawiki/images
+ chmod 700 /var/lib/mediawiki/config /var/lib/mediawiki/images
+
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- mediawiki-1.12.0.orig/debian/mediawiki.postrm
+++ mediawiki-1.12.0/debian/mediawiki.postrm
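Review bot: The branch test inside `for i in $webserver; do` compares `"$webserver"`, the whole space-separated selection, instead of the current item `$i`, so when more than one server is selected (say apache2 and cherokee) the cherokee iteration takes the apache branch and creates `/etc/cherokee/conf.d/mediawiki.conf` pointing at apache.conf; the check should read `if [ "$i" != "cherokee" ]; then`. The `chown -R www-data:www-data` / `chmod 700` pair on `/var/lib/mediawiki/config` is also re-applied on every configure run, so the web-installer directory stays owned and writable by the webserver user long after the site has been set up; consider dropping write access (or the directory) once `/etc/mediawiki/LocalSettings.php` exists, or add a comment explaining why it must stay writable. Whether the installer under that directory is still reachable afterwards depends on the web server configuration shipped elsewhere in this package, which I have not verified here.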
@@ -0,0 +1,23 @@
+#! /bin/sh
+# postrm script for mediawiki
+#
+# see: dh_installdeb(1)
+
+set -e
+
+if [ -f /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+fi
+
+case "$1" in
+ purge)
+ rm -rf /etc/mediawiki /var/lib/mediawiki /etc/apache*/conf.d/mediawiki.conf /etc/cherokee/sites-available/mediawiki
+ ;;
+ *)
+ ;;
+esac
+
+
+#DEBHELPER#
+
+exit 0
--- mediawiki-1.12.0.orig/debian/mediawiki.dirs
+++ mediawiki-1.12.0/debian/mediawiki.dirs
@@ -0,0 +1,3 @@
+var/lib/mediawiki/images
+etc/mediawiki
+usr/share/linda/overrides/
--- mediawiki-1.12.0.orig/debian/mediawiki-math.manpages
+++ mediawiki-1.12.0/debian/mediawiki-math.manpages
@@ -0,0 +1 @@
+debian/texvc.1
--- mediawiki-1.12.0.orig/debian/changelog
+++ mediawiki-1.12.0/debian/changelog
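Review bot: `rm -rf /etc/mediawiki /var/lib/mediawiki ...` in the `purge)` case also removes `/var/lib/mediawiki/images`, the directory the postinst sets up as the webserver-writable upload area, so purging the package silently destroys every user-uploaded file together with the configuration. Either leave that directory in place and print a message telling the administrator where the uploads are, or ask through debconf before deleting it; at minimum the line deserves a comment such as `# purge also removes user uploads in /var/lib/mediawiki/images`. The web server is not reloaded after the conf.d symlink is removed either, so the old configuration stays active until the next restart, which is probably acceptable but worth noting.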
@@ -0,0 +1,183 @@ +mediawiki (1:1.12.0-2ubuntu0.4) intrepid-security; urgency=low + + * SECURITY UPDATE: CSS validation issue allowing external images to be included + into wikis where that is disallowed by conf. (LP: #537974) + - debian/patches/CSS-no-CVE_rev-63429.patch + - patch based on upstream SVN rev. 63429 + - http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html + * Fix regression in CVE-2009-0737.patch, where the database-specific options + will not be shown by default when installing mediawiki. (LP: #539697) + + -- Andreas Wenning Fri, 12 Mar 2010 11:51:32 +0100 + +mediawiki (1:1.12.0-2ubuntu0.3) intrepid-security; urgency=low + + * SECURITY UPDATE: Multiple cross-site scripting (XSS) vulnerabilities in + the web-based installer (config/index.php). (LP: #348858) + - CVE-2009-0737 + - debian/patches/CVE-2009-0737.patch + - patch taken directly from Debian + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514547 + - http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-February/000083.html + + -- Andreas Wenning Thu, 26 Mar 2009 09:33:41 +0100 + +mediawiki (1:1.12.0-2ubuntu0.2) intrepid-security; urgency=low + + * SECURITY UPDATE: + - CVE-2008-5249 + - CVE-2008-5250 + - CVE-2008-5252 + - other security-related problems (see full patch description). + - patch taken directly from Debian + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508870 + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508869 + - http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html + * debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch: + - Fixed output escaping for reporting of non-MediaWiki exceptions. + Potential XSS if an extension throws one of these with user input. + - Avoid fatal error in profileinfo.php when not configured. + - Fixed CSRF vulnerability in Special:Import. Fixed input validation in + transwiki import feature. 
+ - Add a .htaccess to deleted images directory for additional protection + against exposure of deleted files with known SHA-1 hashes on default + installations. + - Fixed XSS vulnerability for Internet Explorer clients, via file uploads + which are interpreted by IE as HTML. + - Fixed XSS vulnerability for clients with SVG scripting, on wikis where SVG + uploads are enabled. Firefox 1.5+ is affected. + - Avoid streaming uploaded files to the user via index.php. This allows + security-conscious users to serve uploaded files via a different domain, + and thus client-side scripts executed from that domain cannot access the + login cookies. Affects Special:Undelete, img_auth.php and thumb.php. + - When streaming files via index.php, use the MIME type detected from the + file extension, not from the data. This reduces the XSS attack surface. + - Blacklist redirects via Special:Filepath. Such redirects exacerbate any + XSS vulnerabilities involving uploads of files containing scripts. + + -- Andreas Wenning Sun, 01 Feb 2009 08:53:13 +0100 + +mediawiki (1:1.12.0-2ubuntu0.1) intrepid-security; urgency=low + + * SECURITY UPDATE: + Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, + and possibly other versions before 1.13.2 allows remote attackers + to inject arbitrary web script or HTML via the useskin parameter + to an unspecified component. (LP: #290015) + - debian/patches/CVE-2008-4408.patch: Address XSS vulnerability. Based on + upstream/Debian patch. 
+ - CVE-2008-4408 + - http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=41540 + - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501115 + + -- Iain Lane Mon, 27 Oct 2008 19:27:33 +0000 + +mediawiki (1:1.12.0-2) unstable; urgency=low + + * Fixed postgresql dependency + Closes: #472987 + * Added instructions to install and upgrade + Closes: #472990, #472831 + + -- Romain Beauxis Mon, 24 Mar 2008 02:49:15 +0100 + +mediawiki (1:1.12.0-1) unstable; urgency=low + + * New upstream release + * Updated patch for postfix support: dropped what + has been implemented upstream + * Refreshed other patches, thanks to quilt + * Changed postgresql recommends to "postgresql" package + Closes: #469582 + + -- Romain Beauxis Mon, 24 Mar 2008 02:20:12 +0100 + +mediawiki (1:1.11.2-2) unstable; urgency=high + + * Added patch to fix pgsql select, thanks to Marc Dequènes + Closes: #469841 + * Upated README.Debian to mention php5-gd instead of php5-gd2 + and texlive-latex-base instead to tetex-bin. + Closes: #469558 + * still setting urgency to high since previous upload didn't make it + to testing. + + -- Romain Beauxis Mon, 03 Mar 2008 13:58:57 +0100 + +mediawiki (1:1.11.2-1) unstable; urgency=high + + * New upstream release + * Security fix: + "Possible cross-site information leaks using the callback + parameter for JSON-formatted results in the API are prevented by + dropping user credentials." + * Added informations on LocalSettings.php in README.Debian + Closes: #462609 + + -- Romain Beauxis Mon, 03 Mar 2008 13:16:27 +0100 + +mediawiki (1:1.11.1-1) unstable; urgency=high + + * New upstream release + * A potential XSS injection vector affecting + Microsoft Internet Explorer users has been + closed. 
+ + -- Romain Beauxis Sat, 26 Jan 2008 02:57:53 +0100 + +mediawiki (1:1.11.0-4) unstable; urgency=low + + * Really add the patch for #459312 + * Added also patch to fix #459617 + Closes: #459617 + * Merged two previous patches + + -- Romain Beauxis Fri, 18 Jan 2008 16:14:59 +0100 + +mediawiki (1:1.11.0-3) unstable; urgency=low + + * Really remove debian specific scripts + * Backported patch to fix unserialize with postgre + Closes: #459312 + * Added finnish translation of the debconf templates, thanks to Esko + Arajärvi. Closes: #456983 + * Updated standards to 3.7.3 (no changes) + + -- Romain Beauxis Mon, 07 Jan 2008 15:03:15 +0100 + +mediawiki (1:1.11.0-2) unstable; urgency=low + + * Initial upload of 1.11.0 to unstable + + -- Romain Beauxis Sat, 03 Nov 2007 16:39:47 +0100 + +mediawiki (1:1.11.0-1) experimental; urgency=low + + * Removed mediawikiX versioned packages + * Updated to mediawiki 1.11 + * Removed automatic upgrade script + * Updated README.Debian (Closes: #442311, #442302) + * Changed default upload directory (Closes: #444445) + + -- Romain Beauxis Sun, 21 Oct 2007 20:54:00 +0200 + +mediawiki (1:1.10) unstable; urgency=low + + * Switched to mediawiki1.10 + * Mediawiki1.10 recommends mediawiki-math (Closes: #428021) + + -- Romain Beauxis Tue, 10 Jul 2007 19:29:01 +0200 + +mediawiki (1:1.9) unstable; urgency=low + + * Switched to mediawiki1.9, closes: #392932 + * Corrected typo in control, closes: #414121 + * Seperated -math extension to a single package, closes: #401714 + + -- Romain Beauxis Thu, 12 Apr 2007 17:02:05 +0200 + +mediawiki (1:1.7) unstable; urgency=low + + * Initial Release + + -- Romain Beauxis Mon, 6 Nov 2006 15:36:44 +0100 --- mediawiki-1.12.0.orig/debian/compat +++ mediawiki-1.12.0/debian/compat @@ -0,0 +1 @@ +4 --- mediawiki-1.12.0.orig/debian/control.in +++ mediawiki-1.12.0/debian/control.in 
@@ -0,0 +1,44 @@ +Source: mediawiki +Section: web +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Mediawiki Maintenance Team +Uploaders: Romain Beauxis +Build-Depends: @cdbs@, ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf +Homepage: http://www.mediawiki.org/ +Standards-Version: 3.7.3 + +Package: mediawiki +Architecture: all +Depends: apache2 | httpd, php5, php5-mysql | php5-pgsql, mime-support, ${misc:Depends} +Recommends: mysql-server | postgresql-contrib, php5-cli +Suggests: php5-gd | imagemagick, mediawiki-math, memcached, clamav +Description: website engine for collaborative work + MediaWiki is a wiki engine (a program for creating a collaboratively + edited website). It is designed to handle heavy websites containing + library-like document collections, and supports user uploads of + images/sounds, multilingual content, TOC autogeneration, ISBN links, + etc. + . + Moreover, it keeps track of changes, so users can receive + notifications, view diffs and revert edits. This system has many + other features and can easily be extended. + +Package: mediawiki-math +Architecture: any +Depends: ${interpreter:Depends}, tetex-bin | texlive-latex-base, gs-gpl | gs-esp, imagemagick, ${shlibs:Depends} +Replaces: mediawiki1.5-math, mediawiki1.9-math, mediawiki1.10-math +Recommends: mediawiki, latex-cjk-all, tetex-extra +Description: math rendering plugin for MediaWiki + MediaWiki is a wiki engine (a program for creating a collaboratively + edited website). It is designed to handle heavy websites containing + library-like document collections, and supports user uploads of + images/sounds, multilingual content, TOC autogeneration, ISBN links, + etc. + . + Moreover, it keeps track of changes, so users can receive + notifications, view diffs and revert edits. This system has many + other features and can easily be extended. + . + This package contains the math rendering plugin. 
+ --- mediawiki-1.12.0.orig/debian/copyright +++ mediawiki-1.12.0/debian/copyright 
@@ -0,0 +1,93 @@ +This package was debianized by Marc Dequènes on +Fri, 31 Dec 2004 00:11:42 +0100. + +It was downloaded from http://wikipedia.sourceforge.net/ + +Upstream Authors: Mediawiki Development Team + +Copyright: + File profileinfo.php has the following copyright: + + + File includes/memcached-client.php has the following copyright: +// +---------------------------------------------------------------------------+ +// | memcached client, PHP | +// +---------------------------------------------------------------------------+ +// | Copyright (c) 2003 Ryan T. Dean | +// | All rights reserved. | +// | | +// | Redistribution and use in source and binary forms, with or without | +// | modification, are permitted provided that the following conditions | +// | are met: | +// | | +// | 1. Redistributions of source code must retain the above copyright | +// | notice, this list of conditions and the following disclaimer. | +// | 2. Redistributions in binary form must reproduce the above copyright | +// | notice, this list of conditions and the following disclaimer in the | +// | documentation and/or other materials provided with the distribution. | +// | | +// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | +// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | +// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | +// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | +// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | +// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | +// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | +// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | +// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | +// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
| +// +---------------------------------------------------------------------------+ +// | Author: Ryan T. Dean | +// | Heavily influenced by the Perl memcached client by Brad Fitzpatrick. | +// | Permission granted by Brad Fitzpatrick for relicense of ported Perl | +// | client logic under 2-clause BSD license. | +// +---------------------------------------------------------------------------+ + + + Images found on the common skins icons images are licensed under + GNU LGPL License. + + Everything else is under the following copyright/license. + + Copyright (C) 2003-2004 Mediawiki Development Team + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + 02110-1301, USA. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + --- mediawiki-1.12.0.orig/debian/watch +++ mediawiki-1.12.0/debian/watch @@ -0,0 +1,11 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# See uscan(1) for format + +# Compulsory line, this is a version 3 file +version=2 + +# Uncomment to examine a Webserver directory +http://prdownloads.sourceforge.net/wikipedia/mediawiki-(1\.7\.\d*)\.tar\.gz + --- mediawiki-1.12.0.orig/debian/texvc.xml +++ mediawiki-1.12.0/debian/texvc.xml @@ -0,0 +1,178 @@ + +.
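Review bot: The pattern `mediawiki-(1\.7\.\d*)\.tar\.gz` in debian/watch only matches the 1.7 series while this package ships 1.12.0, so `uscan` will never report a newer upstream tarball, including upstream security releases; widen it to something like `mediawiki-(\d[\d.]*)\.tar\.gz`. The comment `Compulsory line, this is a version 3 file` also contradicts the `version=2` that follows it, so one of the two should be corrected. The leftover `Example watch control file ... Rename this file to "watch"` header suggests the template was copied without being edited and can be dropped.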
will be generated. You may view the +manual page with: nroff -man .
| less'. A +typical entry in a Makefile or Makefile.am is: + +DB2MAN=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\ +manpages/docbook.xsl +XP=xsltproc -''-nonet + +manpage.1: manpage.dbk + $(XP) $(DB2MAN) $< + +The xsltproc binary is found in the xsltproc package. The +XSL files are in docbook-xsl. Please remember that if you +create the nroff version in one of the debian/rules file +targets (such as build), you will need to include xsltproc +and docbook-xsl in your Build-Depends control field. + +--> + + + Marc"> + Dequ\[`e]nes"> + + 2005-01-02"> + + 1"> + Duck@DuckCorp.org"> + + TEXVC"> + + + Debian"> + GNU"> + GPL"> +]> + + + +
+ &dhemail; +
+ + &dhfirstname; + &dhsurname; + + + 2003 + &dhusername; + + &dhdate; +
+ + &dhucpackage; + + &dhsection; + + + &dhpackage; + + math equation PNG renderer + + + + &dhpackage; + + tempdir + outputdir + texcode + encoding + + + + + DESCRIPTION + + &dhpackage; is designed to render math + equations written in latex code into PNG images. + + + + + OPTIONS + + + + + tempdir + + + directory where temporary files are created. + + + + + outputdir + + + directory where the result image is stored. + + + + + texcode + + + latex code string representing math equations. + + + + + encoding + + + used encoding in latex code string. + + + + + + OUTPUT + Status codes and HTML/MathML transformations are returned on stdout. + A rasterized PNG file will be written to the output directory, named + for the MD5 hash code. + + + texvc output format is like this: + + +%5 ok, but not html or mathml + c%5%h ok, conservative html, no mathml + m%5%h ok, moderate html, no mathml + l%5%h ok, liberal html, no mathml + C%5%h\0%m ok, conservative html, with mathml + M%5%h\0%m ok, moderate html, with mathml + L%5%h\0%m ok, liberal html, with mathml + X%5%m ok, no html, with mathml + S syntax error + E lexing error + F%s unknown function %s + - other error + + + + with the following codes: + + \0 - null character + %5 - md5, 32 hex characters + %h - html code, without \0 characters + %m - mathml code, without \0 characters + + + + + AUTHOR + + This manual page was written by &dhusername; &dhemail; for + the &debian; system (but may be used by others). Permission is + granted to copy, distribute and/or modify this document under + the terms of the &gnu; General Public License, Version 2 any + later version published by the Free Software Foundation. + + + On Debian systems, the complete text of the GNU General Public + License can be found in /usr/share/common-licenses/GPL. + + + +
+ --- mediawiki-1.12.0.orig/debian/control +++ mediawiki-1.12.0/debian/control 
@@ -0,0 +1,44 @@ +Source: mediawiki +Section: web +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Mediawiki Maintenance Team +Uploaders: Romain Beauxis +Build-Depends: debhelper (>= 4.2.0), quilt, patchutils (>= 0.2.25), cdbs (>= 0.4.27), ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf +Homepage: http://www.mediawiki.org/ +Standards-Version: 3.7.3 + +Package: mediawiki +Architecture: all +Depends: apache2 | httpd, php5, php5-mysql | php5-pgsql, mime-support, ${misc:Depends} +Recommends: mysql-server | postgresql-contrib, php5-cli +Suggests: php5-gd | imagemagick, mediawiki-math, memcached, clamav +Description: website engine for collaborative work + MediaWiki is a wiki engine (a program for creating a collaboratively + edited website). It is designed to handle heavy websites containing + library-like document collections, and supports user uploads of + images/sounds, multilingual content, TOC autogeneration, ISBN links, + etc. + . + Moreover, it keeps track of changes, so users can receive + notifications, view diffs and revert edits. This system has many + other features and can easily be extended. + +Package: mediawiki-math +Architecture: any +Depends: ${interpreter:Depends}, tetex-bin | texlive-latex-base, gs-gpl | gs-esp, imagemagick, ${shlibs:Depends} +Replaces: mediawiki1.5-math, mediawiki1.9-math, mediawiki1.10-math +Recommends: mediawiki, latex-cjk-all, tetex-extra +Description: math rendering plugin for MediaWiki + MediaWiki is a wiki engine (a program for creating a collaboratively + edited website). It is designed to handle heavy websites containing + library-like document collections, and supports user uploads of + images/sounds, multilingual content, TOC autogeneration, ISBN links, + etc. + . + Moreover, it keeps track of changes, so users can receive + notifications, view diffs and revert edits. This system has many + other features and can easily be extended. + . 
+ This package contains the math rendering plugin. + --- mediawiki-1.12.0.orig/debian/mediawiki.docs +++ mediawiki-1.12.0/debian/mediawiki.docs @@ -0,0 +1,5 @@ +docs +RELEASE-NOTES +FAQ +HISTORY +UPGRADE --- mediawiki-1.12.0.orig/debian/etc/cherokee.conf +++ mediawiki-1.12.0/debian/etc/cherokee.conf @@ -0,0 +1,9 @@ + +## +## Virtual server for mediawiki +## +Directory /mediawiki { + Handler common + DocumentRoot /var/lib/mediawiki/ +} + --- mediawiki-1.12.0.orig/debian/etc/apache.conf +++ mediawiki-1.12.0/debian/etc/apache.conf @@ -0,0 +1,20 @@ +# Uncomment this to add an alias. +# This does not work properly with virtual hosts.. +#Alias /mediawiki /var/lib/mediawiki + + + Options +FollowSymLinks + AllowOverride All + order allow,deny + allow from all + + +# some directories must be protected + + Options -FollowSymLinks + AllowOverride None + + + Options -FollowSymLinks + AllowOverride None + --- mediawiki-1.12.0.orig/debian/patches/series +++ mediawiki-1.12.0/debian/patches/series @@ -0,0 +1,8 @@ +texvc_location.patch +mimetypes.patch +debian_specific_config.patch +fix_postgre.patch +CVE-2008-4408.patch +CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch +CVE-2009-0737.patch +CSS-no-CVE_rev-63429.patch --- mediawiki-1.12.0.orig/debian/patches/debian_specific_config.patch +++ mediawiki-1.12.0/debian/patches/debian_specific_config.patch @@ -0,0 +1,65 @@ +Index: mediawiki-1.12.0/config/index.php +=================================================================== +--- mediawiki-1.12.0.orig/config/index.php 2008-03-20 23:08:49.000000000 +0100 ++++ mediawiki-1.12.0/config/index.php 2008-03-24 02:31:45.000000000 +0100 +@@ -212,7 +212,7 @@ + if( !is_writable( "." ) ) { + dieout( "
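Review bot: The main directory block in debian/etc/apache.conf grants `AllowOverride All` together with `Options +FollowSymLinks`, and the two blocks under `# some directories must be protected` only reverse those two settings; nothing disables script execution, so should a file with a PHP extension ever land under the upload directory (which the postinst makes writable by www-data) it would still be executed when PHP runs as mod_php. Add `php_admin_flag engine off` (or `RemoveHandler .php .phtml` plus `RemoveType .php .phtml`) to the upload-directory block as defence in depth, and consider narrowing `AllowOverride All` on the document root to the directives MediaWiki actually needs (`AllowOverride FileInfo Limit`). The `<Directory>` paths themselves are not legible in this copy of the hunk, so I cannot confirm which directories the two protected blocks cover.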

Can't write config file, aborting

+ +-

In order to configure the wiki you have to make the config subdirectory ++

In order to configure the wiki you have to make the /var/lib/mediawiki/config subdirectory + writable by the web server. Once configuration is done you'll move the created + LocalSettings.php to the parent directory, and for added safety you can + then remove the config subdirectory entirely.

+@@ -1454,16 +1454,7 @@ +
+

Installation successful!

+

To complete the installation, please do the following: +-

    +-
  1. Download config/LocalSettings.php with your FTP client or file manager
  2. +-
  3. Upload it to the parent directory
  4. +-
  5. Delete config/LocalSettings.php
  6. +-
  7. Start using your wiki! +-
+-

If you are in a shared hosting environment, do not just move LocalSettings.php +-remotely. LocalSettings.php is currently owned by the user your webserver is running under, +-which means that anyone on the same server can read your database password! Downloading +-it and uploading it again will hopefully change the ownership to a user ID specific to you.

++

Move /var/lib/mediawiki/config/LocalSettings.php to /etc/mediawiki/LocalSettings.php for normal install, root of your install for multisite, with rights 640

+
+ EOT; + } else { +@@ -1471,7 +1462,7 @@ +
+

+ Installation successful! +-Move the config/LocalSettings.php file to the parent directory, then follow ++Move /var/lib/mediawiki/config/LocalSettings.php to /etc/mediawiki, then follow + this link to your wiki.

+

You should change file permissions for LocalSettings.php as required to + prevent other users on the server reading passwords and altering configuration data.

+@@ -1579,6 +1570,12 @@ + + # If you customize your file layout, set \$IP to the directory that contains + # the other MediaWiki files. It will be used as a base to locate files. ++ ++# We define this to allow the configuration file to be explicitly ++# located in /etc/mediawiki. ++# Change this if you are setting up multisite wikis on your server. ++define('MW_INSTALL_PATH','/var/lib/mediawiki'); ++ + if( defined( 'MW_INSTALL_PATH' ) ) { + \$IP = MW_INSTALL_PATH; + } else { +@@ -1689,6 +1686,11 @@ + + \$wgDiff3 = \"{$slconf['diff3']}\"; + ++# debian specific include: ++if (is_file(\"/etc/mediawiki-extensions/extensions.php\")) { ++ include( \"/etc/mediawiki-extensions/extensions.php\" ); ++} ++ + # When you make changes to this configuration file, this will make + # sure that cached pages are cleared. + \$wgCacheEpoch = max( \$wgCacheEpoch, gmdate( 'YmdHis', @filemtime( __FILE__ ) ) ); --- mediawiki-1.12.0.orig/debian/patches/CVE-2008-4408.patch +++ mediawiki-1.12.0/debian/patches/CVE-2008-4408.patch 
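Review bot: The rewritten success text in the first hunk drops the original warning that config/LocalSettings.php is created as the web-server user and is readable by every local account until it is moved, and its replacement ("with rights 640") never says who should own the file, so a 640 file still owned by the web server user leaves the database password readable by anything running under that account. Suggest `Move /var/lib/mediawiki/config/LocalSettings.php to /etc/mediawiki/LocalSettings.php (root of your install for multisite), chown it root:www-data and chmod 640; until then it is owned by the web server user and contains your database password`, and tell the admin to delete the copy left in config/ as well. The `/etc/mediawiki-extensions/extensions.php` include is emitted into the generated LocalSettings.php and runs with the wiki's privileges on every request, so a comment next to it noting that the file must be root-owned and not web-writable would be worth adding.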
@@ -0,0 +1,15 @@
+Index: mediawiki-1.12.0/includes/SkinTemplate.php
+===================================================================
+--- mediawiki-1.12.0.orig/includes/SkinTemplate.php 2008-10-14 15:54:23.000000000 +0200
++++ mediawiki-1.12.0/includes/SkinTemplate.php 2008-10-14 15:55:32.000000000 +0200
+@@ -1001,9 +1001,7 @@
+ # If we use the site's dynamic CSS, throw that in, too
+ if ( $wgUseSiteCss ) {
+ $query = "usemsgcache=yes&action=raw&ctype=text/css&smaxage=$wgSquidMaxage";
+- $skinquery = '';
+- if (($us = $wgRequest->getVal('useskin', '')) !== '')
+- $skinquery = "&useskin=$us";
++ $skinquery = "&useskin=" . urlencode( $this->getSkinName() );
+ $sitecss .= '@import "' . self::makeNSUrl( 'Common.css', $query, NS_MEDIAWIKI) . '";' . "\n";
+ $sitecss .= '@import "' . self::makeNSUrl( ucfirst( $this->skinname ) . '.css', $query, NS_MEDIAWIKI ) . '";' . "\n";
+ $sitecss .= '@import "' . self::makeUrl( '-', "action=raw&gen=css$siteargs$skinquery" ) . '";' . "\n";
--- mediawiki-1.12.0.orig/debian/patches/fix_postgre.patch
+++ mediawiki-1.12.0/debian/patches/fix_postgre.patch
@@ -0,0 +1,49 @@
+Index: mediawiki-1.12.0/includes/DatabasePostgres.php
+===================================================================
+--- mediawiki-1.12.0.orig/includes/DatabasePostgres.php 2008-03-20 23:08:48.000000000 +0100
++++ mediawiki-1.12.0/includes/DatabasePostgres.php 2008-03-24 02:30:29.000000000 +0100
+@@ -93,6 +93,44 @@
+
+ }
+
++ /**
++ * SELECT wrapper
++ *
++ * @param mixed $table Array or string, table name(s) (prefix auto-added)
++ * @param mixed $vars Array or string, field name(s) to be retrieved
++ * @param mixed $conds Array or string, condition(s) for WHERE
++ * @param string $fname Calling function name (use __METHOD__) for logs/profiling
++ * @param array $options Associative array of options (e.g. array('GROUP BY' => 'page_title')),
++ * see Database::makeSelectOptions code for list of supported stuff
++ * @return mixed Database result resource (feed to Database::fetchObject or whatever), or false on failure
++ */
++ function select( $table, $vars, $conds='', $fname = 'Database::select', $options = array() )
++ {
++ $noKeyOptions = array();
++ foreach ( $options as $key => $option ) {
++ if ( is_numeric( $key ) ) {
++ $noKeyOptions[$option] = true;
++ }
++ }
++
++ if (is_array($vars) === false) {
++ $vars = (string)$vars;
++ $var_list = explode(',', $vars);
++ }
++ else {
++ $var_list = $vars;
++ $vars = implode(',', $var_list);
++ }
++
++ ## in certain conditions with ORDER BY and GROUP BY, the specified fields *MUST* be included in fetched data
++ if (array_key_exists('ORDER BY', $options) && (strpos($vars, '(') === false) && ((stripos($vars, "DISTINCT ") !== false) || (array_key_exists('DISTINCT', $noKeyOptions))))
++ $var_list[] = preg_replace("/ (ASC|DESC|USING .*?)(,| |$)/i", "", $options['ORDER BY']);
++ else if (array_key_exists('GROUP BY', $options))
++ $var_list[] = $options['GROUP BY'];
++
++ return parent::select( $table, $var_list, $conds, $fname, $options );
++ }
++
+ function cascadingDeletes() {
+ return true;
+ }
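Review bot: The ORDER BY normaliser `preg_replace("/ (ASC|DESC|USING .*?)(,| |$)/i", "", $options['ORDER BY'])` consumes the separator it matches, so `"a DESC, b"` becomes `"a b"` and the appended select-list entry is an aliased column rather than the two ordering columns the wrapper meant to include; use a lookahead, `preg_replace("/ (ASC|DESC|USING .*?)(?=,| |$)/i", "", $options['ORDER BY'])`, so only the direction keyword is removed. The `explode(',', $vars)` on the string form also splits inside function calls such as `COALESCE(a,b)`, and only the ORDER BY branch guards against that with the `strpos($vars, '(')` check; the GROUP BY branch appends `$options['GROUP BY']` unconditionally. Both option values are SQL fragments written by callers rather than request data, so this is correctness rather than injection, but they are concatenated unquoted into the select list and the docblock should say they are trusted.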
--- mediawiki-1.12.0.orig/debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch +++ mediawiki-1.12.0/debian/patches/CVE-2008-5249_CVE-2008-5250_CVE-2008-5252.patch @@ -0,0 +1,1516 @@ +Backported fix for CVE-2008-5249 CVE-2008-5250 CVE-2008-5252 +--- a/img_auth.php ++++ b/img_auth.php +@@ -17,6 +17,12 @@ require_once( dirname( __FILE__ ) . '/in + wfProfileIn( 'img_auth.php' ); + require_once( dirname( __FILE__ ) . '/includes/StreamFile.php' ); + ++$perms = User::getGroupPermissions( array( '*' ) ); ++if ( in_array( 'read', $perms, true ) ) { ++ wfDebugLog( 'img_auth', 'Public wiki' ); ++ wfPublicError(); ++} ++ + // Extract path and image information + if( !isset( $_SERVER['PATH_INFO'] ) ) { + wfDebugLog( 'img_auth', 'Missing PATH_INFO' ); +@@ -88,3 +94,25 @@ ENDS; + wfLogProfilingData(); + exit(); + } ++ ++/** ++ * Show a 403 error for use when the wiki is public ++ */ ++function wfPublicError() { ++ header( 'HTTP/1.0 403 Forbidden' ); ++ header( 'Content-Type: text/html; charset=utf-8' ); ++ echo << ++ ++

Access Denied

++

The function of img_auth.php is to output files from a private wiki. This wiki ++is configured as a public wiki. For optimal security, img_auth.php is disabled in ++this case. ++

++ ++ ++ENDS; ++ wfLogProfilingData(); ++ exit; ++} ++ +--- a/includes/AutoLoader.php ++++ b/includes/AutoLoader.php +@@ -99,6 +99,7 @@ function __autoload($className) { + 'HistoryBlobCurStub' => 'includes/HistoryBlob.php', + 'HTMLCacheUpdate' => 'includes/HTMLCacheUpdate.php', + 'Http' => 'includes/HttpFunctions.php', ++ 'IEContentAnalyzer' => 'includes/IEContentAnalyzer.php', + 'IP' => 'includes/IP.php', + 'ImageGallery' => 'includes/ImageGallery.php', + 'ImagePage' => 'includes/ImagePage.php', +--- a/includes/DefaultSettings.php ++++ b/includes/DefaultSettings.php +@@ -1666,6 +1666,8 @@ $wgMimeTypeBlacklist= array( + 'application/x-php', 'text/x-php', + # Other types that may be interpreted by some servers + 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', ++ # Client-side hazards on Internet Explorer ++ 'text/scriptlet', 'application/x-msdownload', + # Windows metafile, client-side vulnerability on some systems + 'application/x-msmetafile' + ); +--- a/includes/Exception.php ++++ b/includes/Exception.php +@@ -227,7 +227,16 @@ function wfReportException( Exception $e + } + } + } else { +- echo $e->__toString(); ++ $message = "Unexpected non-MediaWiki exception encountered, of type \"" . get_class( $e ) . "\"\n" . ++ $e->__toString() . "\n"; ++ if ( $GLOBALS['wgShowExceptionDetails'] ) { ++ $message .= "\n" . $e->getTraceAsString() ."\n"; ++ } ++ if ( !empty( $GLOBALS['wgCommandLineMode'] ) ) { ++ wfPrintError( $message ); ++ } else { ++ echo nl2br( htmlspecialchars( $message ) ). 
"\n"; ++ } + } + } + +--- /dev/null ++++ b/includes/IEContentAnalyzer.php +@@ -0,0 +1,823 @@ ++ array( ++ 'text/plain', ++ 'application/octet-stream', ++ 'application/x-netcdf', // [sic] ++ ), ++ 'text' /*3*/ => array( ++ 'text/richtext', 'image/x-bitmap', 'application/postscript', 'application/base64', ++ 'application/macbinhex40', 'application/x-cdf', 'text/scriptlet' ++ ), ++ 'binary' /*4*/ => array( ++ 'application/pdf', 'audio/x-aiff', 'audio/basic', 'audio/wav', 'image/gif', ++ 'image/pjpeg', 'image/jpeg', 'image/tiff', 'image/x-png', 'image/png', 'image/bmp', ++ 'image/x-jg', 'image/x-art', 'image/x-emf', 'image/x-wmf', 'video/avi', ++ 'video/x-msvideo', 'video/mpeg', 'application/x-compressed', ++ 'application/x-zip-compressed', 'application/x-gzip-compressed', 'application/java', ++ 'application/x-msdownload' ++ ), ++ 'html' /*5*/ => array( 'text/html' ), ++ ); ++ ++ /** ++ * Changes to the type table in later versions of IE ++ */ ++ protected $addedTypes = array( ++ 'ie07' => array( ++ 'text' => array( 'text/xml', 'application/xml' ) ++ ), ++ ); ++ ++ /** ++ * An approximation of the "Content Type" values in HKEY_CLASSES_ROOT in a ++ * typical Windows installation. ++ * ++ * Used for extension to MIME type mapping if detection fails. 
++ */ ++ protected $registry = array( ++ '.323' => 'text/h323', ++ '.3g2' => 'video/3gpp2', ++ '.3gp' => 'video/3gpp', ++ '.3gp2' => 'video/3gpp2', ++ '.3gpp' => 'video/3gpp', ++ '.aac' => 'audio/aac', ++ '.ac3' => 'audio/ac3', ++ '.accda' => 'application/msaccess', ++ '.accdb' => 'application/msaccess', ++ '.accdc' => 'application/msaccess', ++ '.accde' => 'application/msaccess', ++ '.accdr' => 'application/msaccess', ++ '.accdt' => 'application/msaccess', ++ '.ade' => 'application/msaccess', ++ '.adp' => 'application/msaccess', ++ '.adts' => 'audio/aac', ++ '.ai' => 'application/postscript', ++ '.aif' => 'audio/aiff', ++ '.aifc' => 'audio/aiff', ++ '.aiff' => 'audio/aiff', ++ '.amc' => 'application/x-mpeg', ++ '.application' => 'application/x-ms-application', ++ '.asf' => 'video/x-ms-asf', ++ '.asx' => 'video/x-ms-asf', ++ '.au' => 'audio/basic', ++ '.avi' => 'video/avi', ++ '.bmp' => 'image/bmp', ++ '.caf' => 'audio/x-caf', ++ '.cat' => 'application/vnd.ms-pki.seccat', ++ '.cbo' => 'application/sha', ++ '.cdda' => 'audio/aiff', ++ '.cer' => 'application/x-x509-ca-cert', ++ '.conf' => 'text/plain', ++ '.crl' => 'application/pkix-crl', ++ '.crt' => 'application/x-x509-ca-cert', ++ '.css' => 'text/css', ++ '.csv' => 'application/vnd.ms-excel', ++ '.der' => 'application/x-x509-ca-cert', ++ '.dib' => 'image/bmp', ++ '.dif' => 'video/x-dv', ++ '.dll' => 'application/x-msdownload', ++ '.doc' => 'application/msword', ++ '.docm' => 'application/vnd.ms-word.document.macroEnabled.12', ++ '.docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', ++ '.dot' => 'application/msword', ++ '.dotm' => 'application/vnd.ms-word.template.macroEnabled.12', ++ '.dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', ++ '.dv' => 'video/x-dv', ++ '.dwfx' => 'model/vnd.dwfx+xps', ++ '.edn' => 'application/vnd.adobe.edn', ++ '.eml' => 'message/rfc822', ++ '.eps' => 'application/postscript', ++ '.etd' => 'application/x-ebx', ++ '.exe' 
=> 'application/x-msdownload', ++ '.fdf' => 'application/vnd.fdf', ++ '.fif' => 'application/fractals', ++ '.gif' => 'image/gif', ++ '.gsm' => 'audio/x-gsm', ++ '.hqx' => 'application/mac-binhex40', ++ '.hta' => 'application/hta', ++ '.htc' => 'text/x-component', ++ '.htm' => 'text/html', ++ '.html' => 'text/html', ++ '.htt' => 'text/webviewhtml', ++ '.hxa' => 'application/xml', ++ '.hxc' => 'application/xml', ++ '.hxd' => 'application/octet-stream', ++ '.hxe' => 'application/xml', ++ '.hxf' => 'application/xml', ++ '.hxh' => 'application/octet-stream', ++ '.hxi' => 'application/octet-stream', ++ '.hxk' => 'application/xml', ++ '.hxq' => 'application/octet-stream', ++ '.hxr' => 'application/octet-stream', ++ '.hxs' => 'application/octet-stream', ++ '.hxt' => 'application/xml', ++ '.hxv' => 'application/xml', ++ '.hxw' => 'application/octet-stream', ++ '.ico' => 'image/x-icon', ++ '.iii' => 'application/x-iphone', ++ '.ins' => 'application/x-internet-signup', ++ '.iqy' => 'text/x-ms-iqy', ++ '.isp' => 'application/x-internet-signup', ++ '.jfif' => 'image/jpeg', ++ '.jnlp' => 'application/x-java-jnlp-file', ++ '.jpe' => 'image/jpeg', ++ '.jpeg' => 'image/jpeg', ++ '.jpg' => 'image/jpeg', ++ '.jtx' => 'application/x-jtx+xps', ++ '.latex' => 'application/x-latex', ++ '.log' => 'text/plain', ++ '.m1v' => 'video/mpeg', ++ '.m2v' => 'video/mpeg', ++ '.m3u' => 'audio/x-mpegurl', ++ '.mac' => 'image/x-macpaint', ++ '.man' => 'application/x-troff-man', ++ '.mda' => 'application/msaccess', ++ '.mdb' => 'application/msaccess', ++ '.mde' => 'application/msaccess', ++ '.mfp' => 'application/x-shockwave-flash', ++ '.mht' => 'message/rfc822', ++ '.mhtml' => 'message/rfc822', ++ '.mid' => 'audio/mid', ++ '.midi' => 'audio/mid', ++ '.mod' => 'video/mpeg', ++ '.mov' => 'video/quicktime', ++ '.mp2' => 'video/mpeg', ++ '.mp2v' => 'video/mpeg', ++ '.mp3' => 'audio/mpeg', ++ '.mp4' => 'video/mp4', ++ '.mpa' => 'video/mpeg', ++ '.mpe' => 'video/mpeg', ++ '.mpeg' => 'video/mpeg', ++ '.mpf' 
=> 'application/vnd.ms-mediapackage', ++ '.mpg' => 'video/mpeg', ++ '.mpv2' => 'video/mpeg', ++ '.mqv' => 'video/quicktime', ++ '.NMW' => 'application/nmwb', ++ '.nws' => 'message/rfc822', ++ '.odc' => 'text/x-ms-odc', ++ '.ols' => 'application/vnd.ms-publisher', ++ '.p10' => 'application/pkcs10', ++ '.p12' => 'application/x-pkcs12', ++ '.p7b' => 'application/x-pkcs7-certificates', ++ '.p7c' => 'application/pkcs7-mime', ++ '.p7m' => 'application/pkcs7-mime', ++ '.p7r' => 'application/x-pkcs7-certreqresp', ++ '.p7s' => 'application/pkcs7-signature', ++ '.pct' => 'image/pict', ++ '.pdf' => 'application/pdf', ++ '.pdx' => 'application/vnd.adobe.pdx', ++ '.pfx' => 'application/x-pkcs12', ++ '.pic' => 'image/pict', ++ '.pict' => 'image/pict', ++ '.pinstall' => 'application/x-picasa-detect', ++ '.pko' => 'application/vnd.ms-pki.pko', ++ '.png' => 'image/png', ++ '.pnt' => 'image/x-macpaint', ++ '.pntg' => 'image/x-macpaint', ++ '.pot' => 'application/vnd.ms-powerpoint', ++ '.potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12', ++ '.potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template', ++ '.ppa' => 'application/vnd.ms-powerpoint', ++ '.ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12', ++ '.pps' => 'application/vnd.ms-powerpoint', ++ '.ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12', ++ '.ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', ++ '.ppt' => 'application/vnd.ms-powerpoint', ++ '.pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12', ++ '.pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation', ++ '.prf' => 'application/pics-rules', ++ '.ps' => 'application/postscript', ++ '.pub' => 'application/vnd.ms-publisher', ++ '.pwz' => 'application/vnd.ms-powerpoint', ++ '.py' => 'text/plain', ++ '.pyw' => 'text/plain', ++ '.qht' => 'text/x-html-insertion', ++ '.qhtm' => 'text/x-html-insertion', ++ '.qt' => 
'video/quicktime', ++ '.qti' => 'image/x-quicktime', ++ '.qtif' => 'image/x-quicktime', ++ '.qtl' => 'application/x-quicktimeplayer', ++ '.rat' => 'application/rat-file', ++ '.rmf' => 'application/vnd.adobe.rmf', ++ '.rmi' => 'audio/mid', ++ '.rqy' => 'text/x-ms-rqy', ++ '.rtf' => 'application/msword', ++ '.sct' => 'text/scriptlet', ++ '.sd2' => 'audio/x-sd2', ++ '.sdp' => 'application/sdp', ++ '.shtml' => 'text/html', ++ '.sit' => 'application/x-stuffit', ++ '.sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12', ++ '.sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide', ++ '.slk' => 'application/vnd.ms-excel', ++ '.snd' => 'audio/basic', ++ '.so' => 'application/x-apachemodule', ++ '.sol' => 'text/plain', ++ '.sor' => 'text/plain', ++ '.spc' => 'application/x-pkcs7-certificates', ++ '.spl' => 'application/futuresplash', ++ '.sst' => 'application/vnd.ms-pki.certstore', ++ '.stl' => 'application/vnd.ms-pki.stl', ++ '.swf' => 'application/x-shockwave-flash', ++ '.thmx' => 'application/vnd.ms-officetheme', ++ '.tif' => 'image/tiff', ++ '.tiff' => 'image/tiff', ++ '.txt' => 'text/plain', ++ '.uls' => 'text/iuls', ++ '.vcf' => 'text/x-vcard', ++ '.vdx' => 'application/vnd.ms-visio.viewer', ++ '.vsd' => 'application/vnd.ms-visio.viewer', ++ '.vss' => 'application/vnd.ms-visio.viewer', ++ '.vst' => 'application/vnd.ms-visio.viewer', ++ '.vsx' => 'application/vnd.ms-visio.viewer', ++ '.vtx' => 'application/vnd.ms-visio.viewer', ++ '.wav' => 'audio/wav', ++ '.wax' => 'audio/x-ms-wax', ++ '.wbk' => 'application/msword', ++ '.wdp' => 'image/vnd.ms-photo', ++ '.wiz' => 'application/msword', ++ '.wm' => 'video/x-ms-wm', ++ '.wma' => 'audio/x-ms-wma', ++ '.wmd' => 'application/x-ms-wmd', ++ '.wmv' => 'video/x-ms-wmv', ++ '.wmx' => 'video/x-ms-wmx', ++ '.wmz' => 'application/x-ms-wmz', ++ '.wpl' => 'application/vnd.ms-wpl', ++ '.wsc' => 'text/scriptlet', ++ '.wvx' => 'video/x-ms-wvx', ++ '.xaml' => 'application/xaml+xml', ++ '.xbap' => 
'application/x-ms-xbap', ++ '.xdp' => 'application/vnd.adobe.xdp+xml', ++ '.xfdf' => 'application/vnd.adobe.xfdf', ++ '.xht' => 'application/xhtml+xml', ++ '.xhtml' => 'application/xhtml+xml', ++ '.xla' => 'application/vnd.ms-excel', ++ '.xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12', ++ '.xlk' => 'application/vnd.ms-excel', ++ '.xll' => 'application/vnd.ms-excel', ++ '.xlm' => 'application/vnd.ms-excel', ++ '.xls' => 'application/vnd.ms-excel', ++ '.xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12', ++ '.xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12', ++ '.xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', ++ '.xlt' => 'application/vnd.ms-excel', ++ '.xltm' => 'application/vnd.ms-excel.template.macroEnabled.12', ++ '.xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', ++ '.xlw' => 'application/vnd.ms-excel', ++ '.xml' => 'text/xml', ++ '.xps' => 'application/vnd.ms-xpsdocument', ++ '.xsl' => 'text/xml', ++ ); ++ ++ /** ++ * IE versions which have been analysed to bring you this class, and for ++ * which some substantive difference exists. These will appear as keys ++ * in the return value of getRealMimesFromData(). The names are chosen to sort correctly. 
++ */ ++ protected $versions = array( 'ie05', 'ie06', 'ie07', 'ie07.strict', 'ie07.nohtml' ); ++ ++ /** ++ * Type table with versions expanded ++ */ ++ protected $typeTable = array(); ++ ++ /** constructor */ ++ function __construct() { ++ // Construct versioned type arrays from the base type array plus additions ++ $types = $this->baseTypeTable; ++ foreach ( $this->versions as $version ) { ++ if ( isset( $this->addedTypes[$version] ) ) { ++ foreach ( $this->addedTypes[$version] as $format => $addedTypes ) { ++ $types[$format] = array_merge( $types[$format], $addedTypes ); ++ } ++ } ++ $this->typeTable[$version] = $types; ++ } ++ } ++ ++ /** ++ * Get the MIME types from getMimesFromData(), but convert the result from IE's ++ * idiosyncratic private types into something other apps will understand. ++ * ++ * @param string $fileName The file name (unused at present) ++ * @param string $chunk The first 256 bytes of the file ++ * @param string $proposed The MIME type proposed by the server ++ * ++ * @return array Map of IE version to detected mime type ++ */ ++ public function getRealMimesFromData( $fileName, $chunk, $proposed ) { ++ $types = $this->getMimesFromData( $fileName, $chunk, $proposed ); ++ $types = array_map( array( $this, 'translateMimeType' ), $types ); ++ return $types; ++ } ++ ++ /** ++ * Translate a MIME type from IE's idiosyncratic private types into ++ * more commonly understood type strings ++ */ ++ public function translateMimeType( $type ) { ++ static $table = array( ++ 'image/pjpeg' => 'image/jpeg', ++ 'image/x-png' => 'image/png', ++ 'image/x-wmf' => 'application/x-msmetafile', ++ 'image/bmp' => 'image/x-bmp', ++ 'application/x-zip-compressed' => 'application/zip', ++ 'application/x-compressed' => 'application/x-compress', ++ 'application/x-gzip-compressed' => 'application/x-gzip', ++ 'audio/mid' => 'audio/midi', ++ ); ++ if ( isset( $table[$type] ) ) { ++ $type = $table[$type]; ++ } ++ return $type; ++ } ++ ++ /** ++ * Get the untranslated MIME 
types for all known versions ++ * ++ * @param string $fileName The file name (unused at present) ++ * @param string $chunk The first 256 bytes of the file ++ * @param string $proposed The MIME type proposed by the server ++ * ++ * @return array Map of IE version to detected mime type ++ */ ++ public function getMimesFromData( $fileName, $chunk, $proposed ) { ++ $types = array(); ++ foreach ( $this->versions as $version ) { ++ $types[$version] = $this->getMimeTypeForVersion( $version, $fileName, $chunk, $proposed ); ++ } ++ return $types; ++ } ++ ++ /** ++ * Get the MIME type for a given named version ++ */ ++ protected function getMimeTypeForVersion( $version, $fileName, $chunk, $proposed ) { ++ // Strip text after a semicolon ++ $semiPos = strpos( $proposed, ';' ); ++ if ( $semiPos !== false ) { ++ $proposed = substr( $proposed, 0, $semiPos ); ++ } ++ ++ $proposedFormat = $this->getDataFormat( $version, $proposed ); ++ if ( $proposedFormat == 'unknown' ++ && $proposed != 'multipart/mixed' ++ && $proposed != 'multipart/x-mixed-replace' ) ++ { ++ return $proposed; ++ } ++ if ( strval( $chunk ) === '' ) { ++ return $proposed; ++ } ++ ++ // Truncate chunk at 255 bytes ++ $chunk = substr( $chunk, 0, 255 ); ++ ++ // IE does the Check*Headers() calls last, and instead does the following image ++ // type checks by directly looking for the magic numbers. What I do here should ++ // have the same effect since the magic number checks are identical in both cases. 
++ $result = $this->sampleData( $version, $chunk ); ++ $sampleFound = $result['found']; ++ $counters = $result['counters']; ++ $binaryType = $this->checkBinaryHeaders( $version, $chunk ); ++ $textType = $this->checkTextHeaders( $version, $chunk ); ++ ++ if ( $proposed == 'text/html' && isset( $sampleFound['html'] ) ) { ++ return 'text/html'; ++ } ++ if ( $proposed == 'image/gif' && $binaryType == 'image/gif' ) { ++ return 'image/gif'; ++ } ++ if ( ( $proposed == 'image/pjpeg' || $proposed == 'image/jpeg' ) ++ && $binaryType == 'image/pjpeg' ) ++ { ++ return $proposed; ++ } ++ // PNG check added in IE 7 ++ if ( $version >= 'ie07' ++ && ( $proposed == 'image/x-png' || $proposed == 'image/png' ) ++ && $binaryType == 'image/x-png' ) ++ { ++ return $proposed; ++ } ++ ++ // CDF was removed in IE 7 so it won't be in $sampleFound for later versions ++ if ( isset( $sampleFound['cdf'] ) ) { ++ return 'application/x-cdf'; ++ } ++ ++ // RSS and Atom were added in IE 7 so they won't be in $sampleFound for ++ // previous versions ++ if ( isset( $sampleFound['rss'] ) ) { ++ return 'application/rss+xml'; ++ } ++ if ( isset( $sampleFound['rdf-tag'] ) ++ && isset( $sampleFound['rdf-url'] ) ++ && isset( $sampleFound['rdf-purl'] ) ) ++ { ++ return 'application/rss+xml'; ++ } ++ if ( isset( $sampleFound['atom'] ) ) { ++ return 'application/atom+xml'; ++ } ++ ++ if ( isset( $sampleFound['xml'] ) ) { ++ // TODO: I'm not sure under what circumstances this flag is enabled ++ if ( strpos( $version, 'strict' ) !== false ) { ++ if ( $proposed == 'text/html' || $proposed == 'text/xml' ) { ++ return 'text/xml'; ++ } ++ } else { ++ return 'text/xml'; ++ } ++ } ++ if ( isset( $sampleFound['html'] ) ) { ++ // TODO: I'm not sure under what circumstances this flag is enabled ++ if ( strpos( $version, 'nohtml' ) !== false ) { ++ if ( $proposed == 'text/plain' ) { ++ return 'text/html'; ++ } ++ } else { ++ return 'text/html'; ++ } ++ } ++ if ( isset( $sampleFound['xbm'] ) ) { ++ return 
'image/x-bitmap'; ++ } ++ if ( isset( $sampleFound['binhex'] ) ) { ++ return 'application/macbinhex40'; ++ } ++ if ( isset( $sampleFound['scriptlet'] ) ) { ++ if ( strpos( $version, 'strict' ) !== false ) { ++ if ( $proposed == 'text/plain' || $proposed == 'text/scriptlet' ) { ++ return 'text/scriptlet'; ++ } ++ } else { ++ return 'text/scriptlet'; ++ } ++ } ++ ++ // Freaky heuristics to determine if the data is text or binary ++ // The heuristic is of course broken for non-ASCII text ++ if ( $counters['ctrl'] != 0 && ( $counters['ff'] + $counters['low'] ) ++ < ( $counters['ctrl'] + $counters['high'] ) * 16 ) ++ { ++ $kindOfBinary = true; ++ $type = $binaryType ? $binaryType : $textType; ++ if ( $type === false ) { ++ $type = 'application/octet-stream'; ++ } ++ } else { ++ $kindOfBinary = false; ++ $type = $textType ? $textType : $binaryType; ++ if ( $type === false ) { ++ $type = 'text/plain'; ++ } ++ } ++ ++ // Check if the output format is ambiguous ++ // This generally means that detection failed, real types aren't ambiguous ++ $detectedFormat = $this->getDataFormat( $version, $type ); ++ if ( $detectedFormat != 'ambiguous' ) { ++ return $type; ++ } ++ ++ if ( $proposedFormat != 'ambiguous' ) { ++ // FormatAgreesWithData() ++ if ( $proposedFormat == 'text' && !$kindOfBinary ) { ++ return $proposed; ++ } ++ if ( $proposedFormat == 'binary' && $kindOfBinary ) { ++ return $proposed; ++ } ++ if ( $proposedFormat == 'html' ) { ++ return $proposed; ++ } ++ } ++ ++ // Find a MIME type by searching the registry for the file extension. ++ $dotPos = strrpos( $fileName, '.' ); ++ if ( $dotPos === false ) { ++ return $type; ++ } ++ $ext = substr( $fileName, $dotPos ); ++ if ( isset( $this->registry[$ext] ) ) { ++ return $this->registry[$ext]; ++ } ++ ++ // TODO: If the extension has an application registered to it, IE will return ++ // application/octet-stream. 
We'll skip that, so we could erroneously ++ // return text/plain or application/x-netcdf where application/octet-stream ++ // would be correct. ++ ++ return $type; ++ } ++ ++ /** ++ * Check for text headers at the start of the chunk ++ * Confirmed same in 5 and 7. ++ */ ++ private function checkTextHeaders( $version, $chunk ) { ++ $chunk2 = substr( $chunk, 0, 2 ); ++ $chunk4 = substr( $chunk, 0, 4 ); ++ $chunk5 = substr( $chunk, 0, 5 ); ++ if ( $chunk4 == '%PDF' ) { ++ return 'application/pdf'; ++ } ++ if ( $chunk2 == '%!' ) { ++ return 'application/postscript'; ++ } ++ if ( $chunk5 == '{\\rtf' ) { ++ return 'text/richtext'; ++ } ++ if ( $chunk5 == 'begin' ) { ++ return 'application/base64'; ++ } ++ return false; ++ } ++ ++ /** ++ * Check for binary headers at the start of the chunk ++ * Confirmed same in 5 and 7. ++ */ ++ private function checkBinaryHeaders( $version, $chunk ) { ++ $chunk2 = substr( $chunk, 0, 2 ); ++ $chunk3 = substr( $chunk, 0, 3 ); ++ $chunk4 = substr( $chunk, 0, 4 ); ++ $chunk5 = substr( $chunk, 0, 5 ); ++ $chunk8 = substr( $chunk, 0, 8 ); ++ if ( $chunk5 == 'GIF87' || $chunk5 == 'GIF89' ) { ++ return 'image/gif'; ++ } ++ if ( $chunk2 == "\xff\xd8" ) { ++ return 'image/pjpeg'; // actually plain JPEG but this is what IE returns ++ } ++ ++ if ( $chunk2 == 'BM' ++ && substr( $chunk, 6, 2 ) == "\000\000" ++ && substr( $chunk, 8, 2 ) != "\000\000" ) ++ { ++ return 'image/bmp'; // another non-standard MIME ++ } ++ if ( $chunk4 == 'RIFF' ++ && substr( $chunk, 8, 4 ) == 'WAVE' ) ++ { ++ return 'audio/wav'; ++ } ++ // These were integer literals in IE ++ // Perhaps the author was not sure what the target endianness was ++ if ( $chunk4 == ".sd\000" ++ || $chunk4 == ".snd" ++ || $chunk4 == "\000ds." ++ || $chunk4 == "dns." 
) ++ { ++ return 'audio/basic'; ++ } ++ if ( $chunk3 == "MM\000" ) { ++ return 'image/tiff'; ++ } ++ if ( $chunk2 == 'MZ' ) { ++ return 'application/x-msdownload'; ++ } ++ if ( $chunk8 == "\x89PNG\x0d\x0a\x1a\x0a" ) { ++ return 'image/x-png'; // [sic] ++ } ++ if ( strlen( $chunk ) >= 5 ) { ++ $byte2 = ord( $chunk[2] ); ++ $byte4 = ord( $chunk[4] ); ++ if ( $byte2 >= 3 && $byte2 <= 31 && $byte4 == 0 && $chunk2 == 'JG' ) { ++ return 'image/x-jg'; ++ } ++ } ++ // More endian confusion? ++ if ( $chunk4 == 'MROF' ) { ++ return 'audio/x-aiff'; ++ } ++ $chunk4_8 = substr( $chunk, 8, 4 ); ++ if ( $chunk4 == 'FORM' && ( $chunk4_8 == 'AIFF' || $chunk4_8 == 'AIFC' ) ) { ++ return 'audio/x-aiff'; ++ } ++ if ( $chunk4 == 'RIFF' && $chunk4_8 == 'AVI ' ) { ++ return 'video/avi'; ++ } ++ if ( $chunk4 == "\x00\x00\x01\xb3" || $chunk4 == "\x00\x00\x01\xba" ) { ++ return 'video/mpeg'; ++ } ++ if ( $chunk4 == "\001\000\000\000" ++ && substr( $chunk, 40, 4 ) == ' EMF' ) ++ { ++ return 'image/x-emf'; ++ } ++ if ( $chunk4 == "\xd7\xcd\xc6\x9a" ) { ++ return 'image/x-wmf'; ++ } ++ if ( $chunk4 == "\xca\xfe\xba\xbe" ) { ++ return 'application/java'; ++ } ++ if ( $chunk2 == 'PK' ) { ++ return 'application/x-zip-compressed'; ++ } ++ if ( $chunk2 == "\x1f\x9d" ) { ++ return 'application/x-compressed'; ++ } ++ if ( $chunk2 == "\x1f\x8b" ) { ++ return 'application/x-gzip-compressed'; ++ } ++ // Skip redundant check for ZIP ++ if ( $chunk5 == "MThd\000" ) { ++ return 'audio/mid'; ++ } ++ if ( $chunk4 == '%PDF' ) { ++ return 'application/pdf'; ++ } ++ return false; ++ } ++ ++ /** ++ * Do heuristic checks on the bulk of the data sample. ++ * Search for HTML tags. 
++ */ ++ protected function sampleData( $version, $chunk ) { ++ $found = array(); ++ $counters = array( ++ 'ctrl' => 0, ++ 'high' => 0, ++ 'low' => 0, ++ 'lf' => 0, ++ 'cr' => 0, ++ 'ff' => 0 ++ ); ++ $htmlTags = array( ++ 'html', ++ 'head', ++ 'title', ++ 'body', ++ 'script', ++ 'a href', ++ 'pre', ++ 'img', ++ 'plaintext', ++ 'table' ++ ); ++ $rdfUrl = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'; ++ $rdfPurl = 'http://purl.org/rss/1.0/'; ++ $xbmMagic1 = '#define'; ++ $xbmMagic2 = '_width'; ++ $xbmMagic3 = '_bits'; ++ $binhexMagic = 'converted with BinHex'; ++ ++ for ( $offset = 0; $offset < strlen( $chunk ); $offset++ ) { ++ $curChar = $chunk[$offset]; ++ if ( $curChar == "\x0a" ) { ++ $counters['lf']++; ++ continue; ++ } elseif ( $curChar == "\x0d" ) { ++ $counters['cr']++; ++ continue; ++ } elseif ( $curChar == "\x0c" ) { ++ $counters['ff']++; ++ continue; ++ } elseif ( $curChar == "\t" ) { ++ $counters['low']++; ++ continue; ++ } elseif ( ord( $curChar ) < 32 ) { ++ $counters['ctrl']++; ++ continue; ++ } elseif ( ord( $curChar ) >= 128 ) { ++ $counters['high']++; ++ continue; ++ } ++ ++ $counters['low']++; ++ if ( $curChar == '<' ) { ++ // XML ++ $remainder = substr( $chunk, $offset + 1 ); ++ if ( !strncasecmp( $remainder, '?XML', 4 ) ) { ++ $nextChar = substr( $chunk, $offset + 5, 1 ); ++ if ( $nextChar == ':' || $nextChar == ' ' || $nextChar == "\t" ) { ++ $found['xml'] = true; ++ } ++ } ++ // Scriptlet (JSP) ++ if ( !strncasecmp( $remainder, 'SCRIPTLET', 9 ) ) { ++ $found['scriptlet'] = true; ++ break; ++ } ++ // HTML ++ foreach ( $htmlTags as $tag ) { ++ if ( !strncasecmp( $remainder, $tag, strlen( $tag ) ) ) { ++ $found['html'] = true; ++ } ++ } ++ // Skip broken check for additional tags (HR etc.) 
++ ++ // CHANNEL replaced by RSS, RDF and FEED in IE 7 ++ if ( $version < 'ie07' ) { ++ if ( !strncasecmp( $remainder, 'CHANNEL', 7 ) ) { ++ $found['cdf'] = true; ++ } ++ } else { ++ // RSS ++ if ( !strncasecmp( $remainder, 'RSS', 3 ) ) { ++ $found['rss'] = true; ++ break; // return from SampleData ++ } ++ if ( !strncasecmp( $remainder, 'rdf:RDF', 7 ) ) { ++ $found['rdf-tag'] = true; ++ // no break ++ } ++ if ( !strncasecmp( $remainder, 'FEED', 4 ) ) { ++ $found['atom'] = true; ++ break; ++ } ++ } ++ continue; ++ } ++ // Skip broken check for --> ++ ++ // RSS URL checks ++ // For some reason both URLs must appear before it is recognised ++ $remainder = substr( $chunk, $offset ); ++ if ( !strncasecmp( $remainder, $rdfUrl, strlen( $rdfUrl ) ) ) { ++ $found['rdf-url'] = true; ++ if ( isset( $found['rdf-tag'] ) ++ && isset( $found['rdf-purl'] ) ) // [sic] ++ { ++ break; ++ } ++ continue; ++ } ++ ++ if ( !strncasecmp( $remainder, $rdfPurl, strlen( $rdfPurl ) ) ) { ++ if ( isset( $found['rdf-tag'] ) ++ && isset( $found['rdf-url'] ) ) // [sic] ++ { ++ break; ++ } ++ continue; ++ } ++ ++ // XBM checks ++ if ( !strncasecmp( $remainder, $xbmMagic1, strlen( $xbmMagic1 ) ) ) { ++ $found['xbm1'] = true; ++ continue; ++ } ++ if ( $curChar == '_' ) { ++ if ( isset( $found['xbm2'] ) ) { ++ if ( !strncasecmp( $remainder, $xbmMagic3, strlen( $xbmMagic3 ) ) ) { ++ $found['xbm'] = true; ++ break; ++ } ++ } elseif ( isset( $found['xbm1'] ) ) { ++ if ( !strncasecmp( $remainder, $xbmMagic2, strlen( $xbmMagic2 ) ) ) { ++ $found['xbm2'] = true; ++ } ++ } ++ } ++ ++ // BinHex ++ if ( !strncasecmp( $remainder, $binhexMagic, strlen( $binhexMagic ) ) ) { ++ $found['binhex'] = true; ++ } ++ } ++ return array( 'found' => $found, 'counters' => $counters ); ++ } ++ ++ protected function getDataFormat( $version, $type ) { ++ $types = $this->typeTable[$version]; ++ if ( $type == '(null)' || strval( $type ) === '' ) { ++ return 'ambiguous'; ++ } ++ foreach ( $types as $format => $list ) { ++ if ( 
in_array( $type, $list ) ) { ++ return $format; ++ } ++ } ++ return 'unknown'; ++ } ++} ++ +--- a/includes/MimeMagic.php ++++ b/includes/MimeMagic.php +@@ -100,6 +100,10 @@ class MimeMagic { + */ + var $mExtToMime= NULL; + ++ /** IEContentAnalyzer instance ++ */ ++ var $mIEAnalyzer; ++ + /** The singleton instance + */ + private static $instance; +@@ -733,6 +737,29 @@ class MimeMagic { + + return MEDIATYPE_UNKNOWN; + } ++ ++ /** ++ * Get the MIME types that various versions of Internet Explorer would ++ * detect from a chunk of the content. ++ * ++ * @param string $fileName The file name (unused at present) ++ * @param string $chunk The first 256 bytes of the file ++ * @param string $proposed The MIME type proposed by the server ++ */ ++ public function getIEMimeTypes( $fileName, $chunk, $proposed ) { ++ $ca = $this->getIEContentAnalyzer(); ++ return $ca->getRealMimesFromData( $fileName, $chunk, $proposed ); ++ } ++ ++ /** ++ * Get a cached instance of IEContentAnalyzer ++ */ ++ protected function getIEContentAnalyzer() { ++ if ( is_null( $this->mIEAnalyzer ) ) { ++ $this->mIEAnalyzer = new IEContentAnalyzer; ++ } ++ return $this->mIEAnalyzer; ++ } + } + + +--- a/includes/SpecialImport.php ++++ b/includes/SpecialImport.php +@@ -42,26 +42,30 @@ function wfSpecialImport( $page = '' ) { + if( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit') { + $isUpload = false; + $namespace = $wgRequest->getIntOrNull( 'namespace' ); ++ $sourceName = $wgRequest->getVal( "source" ); + +- switch( $wgRequest->getVal( "source" ) ) { +- case "upload": ++ if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'editToken' ) ) ) { ++ $source = new WikiErrorMsg( 'import-token-mismatch' ); ++ } elseif ( $sourceName == 'upload' ) { + $isUpload = true; + if( $wgUser->isAllowed( 'importupload' ) ) { + $source = ImportStreamSource::newFromUpload( "xmlimport" ); + } else { + return $wgOut->permissionRequired( 'importupload' ); + } +- break; +- case "interwiki": ++ } elseif ( 
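Review bot: The docblock for getIEMimeTypes in the second MimeMagic hunk lists the three parameters but says nothing about the return value, and the lazy getter getIEContentAnalyzer has no documentation beyond its one-line summary. Judging from the SpecialUpload hunk later in this patch, which iterates the result with foreach, it appears to be an array of MIME type strings, one per simulated IE version; add `@return array MIME types the simulated IE versions would detect` after the `@param` lines and `@return IEContentAnalyzer` on the getter. Since `$fileName` is documented as unused, a short sentence on why it stays in the signature (presumably for future use by the analyzer) would stop a later maintainer from removing it.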
$sourceName == "interwiki" ) { + $interwiki = $wgRequest->getVal( 'interwiki' ); +- $history = $wgRequest->getCheck( 'interwikiHistory' ); +- $frompage = $wgRequest->getText( "frompage" ); +- $source = ImportStreamSource::newFromInterwiki( +- $interwiki, +- $frompage, +- $history ); +- break; +- default: ++ if ( !in_array( $interwiki, $wgImportSources ) ) { ++ $source = new WikiErrorMsg( "import-invalid-interwiki" ); ++ } else { ++ $history = $wgRequest->getCheck( 'interwikiHistory' ); ++ $frompage = $wgRequest->getText( "frompage" ); ++ $source = ImportStreamSource::newFromInterwiki( ++ $interwiki, ++ $frompage, ++ $history ); ++ } ++ } else { + $source = new WikiErrorMsg( "importunknownsource" ); + } + +@@ -105,6 +109,7 @@ function wfSpecialImport( $page = '' ) { + Xml::hidden( 'action', 'submit' ) . + Xml::hidden( 'source', 'upload' ) . + "" . // No Xml function for type=file? Todo? ++ Xml::hidden( 'editToken', $wgUser->editToken() ) . + Xml::submitButton( wfMsg( 'uploadbtn' ) ) . + Xml::closeElement( 'form' ) . + Xml::closeElement( 'fieldset' ) +@@ -123,6 +128,7 @@ function wfSpecialImport( $page = '' ) { + wfMsgExt( 'import-interwiki-text', array( 'parse' ) ) . + Xml::hidden( 'action', 'submit' ) . + Xml::hidden( 'source', 'interwiki' ) . ++ Xml::hidden( 'editToken', $wgUser->editToken() ) . + Xml::openElement( 'table' ) . + " + " . 
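Review bot: The new `in_array( $interwiki, $wgImportSources )` check in the first SpecialImport hunk depends on `$wgImportSources` being in scope, and the function's `global` declaration lies outside the hunk; if it is not listed there the check sees null and every interwiki import fails with `import-invalid-interwiki` (with a warning on older PHP, a TypeError on current PHP). Pass the strict flag as well, `if ( !in_array( $interwiki, $wgImportSources, true ) ) {`, so a request value is accepted only on an exact string match against the configured list. The token check added at the top of the branch is matched by the hidden `editToken` fields in the two following hunks, which is consistent; wfSpecialImport itself starts and ends outside the hunk.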
+--- a/includes/SpecialUndelete.php ++++ b/includes/SpecialUndelete.php +@@ -530,7 +530,7 @@ class PageArchive { + */ + class UndeleteForm { + var $mAction, $mTarget, $mTimestamp, $mRestore, $mTargetObj; +- var $mTargetTimestamp, $mAllowed, $mComment; ++ var $mTargetTimestamp, $mAllowed, $mComment, $mToken; + + function UndeleteForm( $request, $par = "" ) { + global $wgUser; +@@ -547,6 +547,7 @@ class UndeleteForm { + $this->mPreview = $request->getCheck( 'preview' ) && $posted; + $this->mDiff = $request->getCheck( 'diff' ); + $this->mComment = $request->getText( 'wpComment' ); ++ $this->mToken = $request->getVal( 'token' ); + + if( $par != "" ) { + $this->mTarget = $par; +@@ -604,7 +605,12 @@ class UndeleteForm { + return $this->showRevision( $this->mTimestamp ); + } + if( $this->mFile !== null ) { +- return $this->showFile( $this->mFile ); ++ if ( !$wgUser->matchEditToken( $this->mToken, $this->mFile ) ) { ++ $this->showFileConfirmationForm( $this->mFile ); ++ return false; ++ } else { ++ return $this->showFile( $this->mFile ); ++ } + } + if( $this->mRestore && $this->mAction == "submit" ) { + return $this->undelete(); +@@ -810,6 +816,29 @@ class UndeleteForm { + } + + /** ++ * Show a form confirming whether a tokenless user really wants to see a file ++ */ ++ private function showFileConfirmationForm( $key ) { ++ global $wgOut, $wgUser, $wgLang; ++ $file = new ArchivedFile( $this->mTargetObj, '', $this->mFile ); ++ $wgOut->addWikiMsg( 'undelete-show-file-confirm', ++ $this->mTargetObj->getText(), ++ $wgLang->timeanddate( $file->getTimestamp() ) ); ++ $wgOut->addHTML( ++ Xml::openElement( 'form', array( ++ 'method' => 'POST', ++ 'action' => SpecialPage::getTitleFor( 'Undelete' )->getLocalUrl( ++ 'target=' . urlencode( $this->mTarget ) . ++ '&file=' . urlencode( $key ) . ++ '&token=' . urlencode( $wgUser->editToken( $key ) ) ) ++ ) ++ ) . ++ Xml::submitButton( wfMsg( 'undelete-show-file-submit' ) ) . 
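Review bot: In the `@@ -604` hunk the new token check calls `$wgUser->matchEditToken`, but the method's `global` declaration is outside the hunk; confirm it includes `$wgUser`, otherwise the check always fails and every deleted-file view lands on the confirmation form. The `else` after `return false` is redundant: `if ( !$wgUser->matchEditToken( $this->mToken, $this->mFile ) ) { $this->showFileConfirmationForm( $this->mFile ); return false; }` followed by `return $this->showFile( $this->mFile );` reads cleaner and matches the early-return style of the surrounding branches. The enclosing method starts and ends outside the hunk.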
++ '' ++ ); ++ } ++ ++ /** + * Show a deleted file version requested by the visitor. + */ + function showFile( $key ) { +@@ -997,7 +1026,9 @@ class UndeleteForm { + $target = urlencode( $this->mTarget ); + $pageLink = $sk->makeKnownLinkObj( $titleObj, + $wgLang->timeanddate( $ts, true ), +- "target=$target&file=$key" ); ++ "target=$target" . ++ "&file=$key" . ++ "&token=" . urlencode( $wgUser->editToken( $key ) ) ); + } else { + $checkBox = ''; + $pageLink = $wgLang->timeanddate( $ts, true ); +--- a/includes/SpecialUpload.php ++++ b/includes/SpecialUpload.php +@@ -1214,11 +1214,11 @@ EOT + $magic=& MimeMagic::singleton(); + $mime= $magic->guessMimeType($tmpfile,false); + ++ + #check mime type, if desired + global $wgVerifyMimeType; + if ($wgVerifyMimeType) { +- +- wfDebug ( "\n\nmime: <$mime> extension: <$extension>\n\n"); ++ wfDebug ( "\n\nmime: <$mime> extension: <$extension>\n\n"); + #check mime type against file extension + if( !$this->verifyExtension( $mime, $extension ) ) { + return new WikiErrorMsg( 'uploadcorrupt' ); +@@ -1226,9 +1226,22 @@ EOT + + #check mime type blacklist + global $wgMimeTypeBlacklist; +- if( isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist) +- && $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { +- return new WikiErrorMsg( 'filetype-badmime', htmlspecialchars( $mime ) ); ++ if( isset($wgMimeTypeBlacklist) && !is_null($wgMimeTypeBlacklist) ) { ++ if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { ++ return new WikiErrorMsg( 'filetype-badmime', htmlspecialchars( $mime ) ); ++ } ++ ++ # Check IE type ++ $fp = fopen( $tmpfile, 'rb' ); ++ $chunk = fread( $fp, 256 ); ++ fclose( $fp ); ++ $extMime = $magic->guessTypesForExtension( $extension ); ++ $ieTypes = $magic->getIEMimeTypes( $tmpfile, $chunk, $extMime ); ++ foreach ( $ieTypes as $ieType ) { ++ if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) { ++ return new WikiErrorMsg( 'filetype-bad-ie-mime', $ieType ); ++ } ++ } + } + } + +@@ 
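Review bot: showFileConfirmationForm takes `$key` but constructs the ArchivedFile from `$this->mFile` while putting `$key` in the form action; the single call site passes `$this->mFile` for both so it works today, but the method should use its parameter consistently, `$file = new ArchivedFile( $this->mTargetObj, '', $key );`. The edit token is carried in the action URL's query string even though the form posts; emitting it as a hidden field instead, `Xml::hidden( 'token', $wgUser->editToken( $key ) )` with `target` and `file` alongside, keeps the token out of access logs and Referer headers. The docblock should also say that the method writes to `$wgOut` and returns nothing.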
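Review bot: The IE check in the `@@ -1226` hunk never tests the result of `fopen( $tmpfile, 'rb' )`; on failure `fread` is called on false, `$chunk` becomes false and the check silently yields nothing, so the upload proceeds as if it had passed. Guard it before the fread: `if ( $fp === false ) { return new WikiErrorMsg( 'uploadcorrupt' ); }`. The new `filetype-bad-ie-mime` error passes `$ieType` raw while the adjacent `filetype-badmime` line wraps `$mime` in `htmlspecialchars`; unless WikiErrorMsg escapes its arguments itself, use `htmlspecialchars( $ieType )` for consistency. The enclosing method starts and ends outside the hunk.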
-1236,6 +1249,11 @@ EOT + if( $this->detectScript ( $tmpfile, $mime, $extension ) ) { + return new WikiErrorMsg( 'uploadscripted' ); + } ++ if( $extension == 'svg' || $mime == 'image/svg+xml' ) { ++ if( $this->detectScriptInSvg( $tmpfile ) ) { ++ return new WikiErrorMsg( 'uploadscripted' ); ++ } ++ } + + /** + * Scan the uploaded file for viruses +@@ -1249,6 +1267,7 @@ EOT + return true; + } + ++ + /** + * Checks if the mime type of the uploaded file matches the file extension. + * +@@ -1347,6 +1366,7 @@ EOT + */ + + $tags = array( ++ 'filterMatch; ++ } ++ ++ /** ++ * @todo Replace this with a whitelist filter! ++ */ ++ function checkSvgScriptCallback( $element, $attribs ) { ++ $stripped = $this->stripXmlNamespace( $element ); ++ ++ if( $stripped == 'script' ) { ++ wfDebug( __METHOD__ . ": Found script element '$element' in uploaded file.\n" ); ++ return true; ++ } ++ ++ foreach( $attribs as $attrib => $value ) { ++ $stripped = $this->stripXmlNamespace( $attrib ); ++ if( substr( $stripped, 0, 2 ) == 'on' ) { ++ wfDebug( __METHOD__ . ": Found script attribute '$attrib'='value' in uploaded file.\n" ); ++ return true; ++ } ++ if( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) { ++ wfDebug( __METHOD__ . ": Found script href attribute '$attrib'='$value' in uploaded file.\n" ); ++ return true; ++ } ++ } ++ } ++ ++ private function stripXmlNamespace( $name ) { ++ // 'http://www.w3.org/2000/svg:script' -> 'script' ++ $parts = explode( ':', strtolower( $name ) ); ++ return array_pop( $parts ); ++ } ++ + /** + * Generic wrapper function for a virus scanner program. + * This relies on the $wgAntivirus and $wgAntivirusSetup variables. 
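Review bot: In checkSvgScriptCallback the first debug line interpolates `'$attrib'='value'` with a literal `value`, whereas the href line below uses `'$value'`; if the attribute value is meant to be logged write `'$attrib'='$value'`, otherwise drop the placeholder so the log line is not misleading. The callback returns null implicitly when nothing matches; XmlTypeCheck only tests the result for truthiness so this works, but an explicit `return false;` at the end states the contract. The hunk text before `filterMatch;` is garbled on this page, so the start of the `@@ -1347` hunk, including the beginning of detectScriptInSvg, cannot be reviewed here.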
+--- a/includes/StreamFile.php ++++ b/includes/StreamFile.php +@@ -31,6 +31,12 @@ function wfStreamFile( $fname, $headers + header('Content-type: application/x-wiki'); + } + ++ // Don't stream it out as text/html if there was a PHP error ++ if ( headers_sent() ) { ++ echo "Headers already sent, terminating.\n"; ++ return; ++ } ++ + global $wgContLanguageCode; + header( "Content-Disposition: inline;filename*=utf-8'$wgContLanguageCode'" . urlencode( basename( $fname ) ) ); + +@@ -53,27 +59,54 @@ function wfStreamFile( $fname, $headers + } + + /** */ +-function wfGetType( $filename ) { ++function wfGetType( $filename, $safe = true ) { + global $wgTrivialMimeDetection; + ++ $ext = strrchr($filename, '.'); ++ $ext = $ext === false ? '' : strtolower( substr( $ext, 1 ) ); ++ + # trivial detection by file extension, + # used for thumbnails (thumb.php) + if ($wgTrivialMimeDetection) { +- $ext= strtolower(strrchr($filename, '.')); + + switch ($ext) { +- case '.gif': return 'image/gif'; +- case '.png': return 'image/png'; +- case '.jpg': return 'image/jpeg'; +- case '.jpeg': return 'image/jpeg'; ++ case 'gif': return 'image/gif'; ++ case 'png': return 'image/png'; ++ case 'jpg': return 'image/jpeg'; ++ case 'jpeg': return 'image/jpeg'; + } + + return 'unknown/unknown'; + } +- else { +- $magic=& MimeMagic::singleton(); +- return $magic->guessMimeType($filename); //full fancy mime detection ++ ++ $magic = MimeMagic::singleton(); ++ // Use the extension only, rather than magic numbers, to avoid opening ++ // up vulnerabilities due to uploads of files with allowed extensions ++ // but disallowed types. ++ $type = $magic->guessTypesForExtension( $ext ); ++ ++ /** ++ * Double-check some security settings that were done on upload but might ++ * have changed since. 
++ */ ++ if ( $safe ) { ++ global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions, ++ $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist, $wgRequest; ++ $form = new UploadForm( $wgRequest ); ++ list( $partName, $extList ) = $form->splitExtensions( $filename ); ++ if ( $form->checkFileExtensionList( $extList, $wgFileBlacklist ) ) { ++ return 'unknown/unknown'; ++ } ++ if ( $wgCheckFileExtensions && $wgStrictFileExtensions ++ && !$form->checkFileExtensionList( $extList, $wgFileExtensions ) ) ++ { ++ return 'unknown/unknown'; ++ } ++ if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) { ++ return 'unknown/unknown'; ++ } + } ++ return $type; + } + + +--- a/includes/Title.php ++++ b/includes/Title.php +@@ -298,9 +298,13 @@ class Title { + $m[1] = urldecode( ltrim( $m[1], ':' ) ); + } + $title = Title::newFromText( $m[1] ); +- // Redirects to Special:Userlogout are not permitted +- if( $title instanceof Title && !$title->isSpecial( 'Userlogout' ) ) ++ // Redirects to some special pages are not permitted ++ if( $title instanceof Title ++ && !$title->isSpecial( 'Userlogout' ) ++ && !$title->isSpecial( 'Filepath' ) ) ++ { + return $title; ++ } + } + } + return null; +--- a/includes/XmlTypeCheck.php ++++ b/includes/XmlTypeCheck.php +@@ -8,38 +8,37 @@ class XmlTypeCheck { + public $wellFormed = false; + + /** ++ * Will be set to true if the optional element filter returned ++ * a match at some point. ++ */ ++ public $filterMatch = false; ++ ++ /** + * Name of the document's root element, including any namespace + * as an expanded URL. + */ + public $rootElement = ''; + +- private $softNamespaces; +- private $namespaces = array(); +- + /** + * @param $file string filename +- * @param $softNamespaces bool +- * If set to true, use of undeclared XML namespaces will be ignored. +- * This matches the behavior of rsvg, but more compliant consumers +- * such as Firefox will reject such files. 
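Review bot: `in_array( strtolower( $type ), $wgMimeTypeBlacklist )` in wfGetType assumes the blacklist is an array, while the SpecialUpload hunk in this same patch guards the same global with `isset(...) && !is_null(...)`; when the setting is null the call warns (a TypeError on current PHP) and the blacklist check is skipped. Guard it the same way and compare strictly: `if ( $wgVerifyMimeType && is_array( $wgMimeTypeBlacklist ) && in_array( strtolower( $type ), $wgMimeTypeBlacklist, true ) ) {`. The `/** */` docblock above the signature should also gain `@param bool $safe Re-check upload restrictions before returning the type` now that the signature has a second parameter. The first StreamFile hunk's `headers_sent()` guard comes after the `header()` calls, so a sent-headers situation will already have warned there before the guard fires.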
+- * Leave off for the default, stricter checks. ++ * @param $filterCallback callable (optional) ++ * Function to call to do additional custom validity checks from the ++ * SAX element handler event. This gives you access to the element ++ * namespace, name, and attributes, but not to text contents. ++ * Filter should return 'true' to toggle on $this->filterMatch + */ +- function __construct( $file, $softNamespaces=false ) { +- $this->softNamespaces = $softNamespaces; ++ function __construct( $file, $filterCallback=null ) { ++ $this->filterCallback = $filterCallback; + $this->run( $file ); + } + + private function run( $fname ) { +- if( $this->softNamespaces ) { +- $parser = xml_parser_create( 'UTF-8' ); +- } else { +- $parser = xml_parser_create_ns( 'UTF-8' ); +- } ++ $parser = xml_parser_create_ns( 'UTF-8' ); + + // case folding violates XML standard, turn it off + xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false ); + +- xml_set_element_handler( $parser, array( $this, 'elementOpen' ), false ); ++ xml_set_element_handler( $parser, array( $this, 'rootElementOpen' ), false ); + + $file = fopen( $fname, "rb" ); + do { +@@ -59,35 +58,22 @@ class XmlTypeCheck { + xml_parser_free( $parser ); + } + +- private function elementOpen( $parser, $name, $attribs ) { +- if( $this->softNamespaces ) { +- // Check namespaces manually, so expat doesn't throw +- // errors on use of undeclared namespaces. +- foreach( $attribs as $attrib => $val ) { +- if( $attrib == 'xmlns' ) { +- $this->namespaces[''] = $val; +- } elseif( substr( $attrib, 0, strlen( 'xmlns:' ) ) == 'xmlns:' ) { +- $this->namespaces[substr( $attrib, strlen( 'xmlns:' ) )] = $val; +- } +- } +- +- if( strpos( $name, ':' ) === false ) { +- $ns = ''; +- $subname = $name; +- } else { +- list( $ns, $subname ) = explode( ':', $name, 2 ); +- } +- +- if( isset( $this->namespaces[$ns] ) ) { +- $name = $this->namespaces[$ns] . ':' . $subname; +- } else { +- // Technically this is invalid for XML with Namespaces. 
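Review bot: The constructor now assigns `$this->filterCallback`, but the hunk removes the `softNamespaces` and `namespaces` declarations and adds only `$filterMatch`; no `filterCallback` property is declared, so it is created dynamically (deprecated since PHP 8.2, and invisible to static analysis). Add `private $filterCallback;` next to the other property declarations. The `@param $filterCallback` docblock could also state that the callback receives `( $name, $attribs )`, as the elementOpen in the following hunk shows.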
+- // But..... we'll just let it slide in soft mode. +- } +- } +- +- // We only need the first open element ++ private function rootElementOpen( $parser, $name, $attribs ) { + $this->rootElement = $name; +- xml_set_element_handler( $parser, false, false ); ++ ++ if( is_callable( $this->filterCallback ) ) { ++ xml_set_element_handler( $parser, array( $this, 'elementOpen' ), false ); ++ $this->elementOpen( $parser, $name, $attribs ); ++ } else { ++ // We only need the first open element ++ xml_set_element_handler( $parser, false, false ); ++ } ++ } ++ ++ private function elementOpen( $parser, $name, $attribs ) { ++ if( call_user_func( $this->filterCallback, $name, $attribs ) ) { ++ // Filter hit! ++ $this->filterMatch = true; ++ } + } + } +--- a/includes/filerepo/FSRepo.php ++++ b/includes/filerepo/FSRepo.php +@@ -146,10 +146,8 @@ class FSRepo extends FileRepo { + if ( !wfMkdirParents( $dstDir ) ) { + return $this->newFatal( 'directorycreateerror', $dstDir ); + } +- // In the deleted zone, seed new directories with a blank +- // index.html, to prevent crawling + if ( $dstZone == 'deleted' ) { +- file_put_contents( "$dstDir/index.html", '' ); ++ $this->initDeletedDir( $dstDir ); + } + } + +@@ -212,6 +210,20 @@ class FSRepo extends FileRepo { + } + + /** ++ * Take all available measures to prevent web accessibility of new deleted ++ * directories, in case the user has not configured offline storage ++ */ ++ protected function initDeletedDir( $dir ) { ++ // Add a .htaccess file to the root of the deleted zone ++ $root = $this->getZonePath( 'deleted' ); ++ if ( !file_exists( "$root/.htaccess" ) ) { ++ file_put_contents( "$root/.htaccess", "Deny from all\n" ); ++ } ++ // Seed new directories with a blank index.html, to prevent crawling ++ file_put_contents( "$dir/index.html", '' ); ++ } ++ ++ /** + * Pick a random name in the temp zone and store a file to it. + * @param string $originalName The base name of the file as specified + * by the user. 
The file extension will be maintained. +@@ -387,8 +399,7 @@ class FSRepo extends FileRepo { + $status->fatal( 'directorycreateerror', $archiveDir ); + continue; + } +- // Seed new directories with a blank index.html, to prevent crawling +- file_put_contents( "$archiveDir/index.html", '' ); ++ $this->initDeletedDir( $archiveDir ); + } + // Check if the archive directory is writable + // This doesn't appear to work on NTFS +--- a/languages/messages/MessagesEn.php ++++ b/languages/messages/MessagesEn.php +@@ -1414,6 +1414,7 @@ To include a file in a page, use a link + 'illegalfilename' => 'The filename "$1" contains characters that are not allowed in page titles. Please rename the file and try uploading it again.', + 'badfilename' => 'File name has been changed to "$1".', + 'filetype-badmime' => 'Files of the MIME type "$1" are not allowed to be uploaded.', ++'filetype-bad-ie-mime' => 'Cannot upload this file because Internet Explorer would detect it as "$1", which is a disallowed and potentially dangerous file type.', + 'filetype-unwanted-type' => "'''\".\$1\"''' is an unwanted file type. Preferred file types are \$2.", + 'filetype-banned-type' => "'''\".\$1\"''' is not a permitted file type. Permitted file types are \$2.", + 'filetype-missing' => 'The file has no extension (like ".jpg").', +@@ -1978,6 +1979,8 @@ Consult the [[Special:Log/delete|deletio + 'undelete-error-long' => 'Errors were encountered while undeleting the file: + + $1', ++'undelete-show-file-confirm' => 'Are you sure you want to view a deleted revision of the file "$1" from $2?', ++'undelete-show-file-submit' => 'Yes', + + # Namespace form on various pages + 'namespace' => 'Namespace:', +@@ -2241,6 +2244,8 @@ All transwiki import actions are logged + 'import-noarticle' => 'No page to import!', + 'import-nonewrevisions' => 'All revisions were previously imported.', + 'xml-error-string' => '$1 at line $2, col $3 (byte $4): $5', ++'import-token-mismatch' => 'Loss of session data. 
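Review bot: initDeletedDir ignores the return value of both `file_put_contents` calls, so a failed write of `.htaccess` or `index.html` leaves a new deleted-zone directory without the protection the method exists to provide, and nothing is logged. Check the results and at least report failure, e.g. `if ( file_put_contents( "$root/.htaccess", "Deny from all\n" ) === false ) { wfDebug( __METHOD__ . ": could not write $root/.htaccess\n" ); }` and likewise for index.html; the callers in the `@@ -146` and `@@ -387` hunks already return a fatal status when mkdir fails, so returning a boolean here would let them do the same. `Deny from all` only takes effect where the web server honours .htaccess overrides, which the docblock's "in case the user has not configured offline storage" wording could state explicitly.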
Please try again.', ++'import-invalid-interwiki' => 'Cannot import from the specified wiki.', + + # Import log + 'importlogpage' => 'Import log', +--- a/maintenance/language/messages.inc ++++ b/maintenance/language/messages.inc +@@ -848,6 +848,7 @@ $wgMessageStructure = array( + 'illegalfilename', + 'badfilename', + 'filetype-badmime', ++ 'filetype-bad-ie-mime', + 'filetype-unwanted-type', + 'filetype-banned-type', + 'filetype-missing', +@@ -1350,6 +1351,8 @@ $wgMessageStructure = array( + 'undelete-missing-filearchive', + 'undelete-error-short', + 'undelete-error-long', ++ 'undelete-show-file-confirm', ++ 'undelete-show-file-submit', + ), + 'nsform' => array( + 'namespace', +@@ -1577,6 +1580,8 @@ $wgMessageStructure = array( + 'import-noarticle', + 'import-nonewrevisions', + 'xml-error-string', ++ 'import-token-mismatch', ++ 'import-invalid-interwiki', + ), + 'importlog' => array( + 'importlogpage', +--- a/profileinfo.php ++++ b/profileinfo.php +@@ -48,7 +48,7 @@ $wgDBadminuser = $wgDBadminpassword = $w + + define( 'MW_NO_SETUP', 1 ); + require_once( './includes/WebStart.php' ); +-require_once("./AdminSettings.php"); ++@include_once("./AdminSettings.php"); + require_once( './includes/GlobalFunctions.php' ); + + if (!$wgEnableProfileInfo) { --- mediawiki-1.12.0.orig/debian/patches/mimetypes.patch +++ mediawiki-1.12.0/debian/patches/mimetypes.patch 
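Review bot: The `@` on the new `@include_once("./AdminSettings.php")` line suppresses not only the missing-file warning but any warning about an unreadable file, so a misplaced or permission-broken AdminSettings.php becomes indistinguishable from an absent one. Prefer an explicit check without the silence operator: `if ( is_readable( './AdminSettings.php' ) ) { require_once( './AdminSettings.php' ); }`. The defaults for `$wgDBadminuser` and `$wgDBadminpassword` assigned in the context line above presumably cover the absent case; confirm the rest of the script copes with those being empty.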
@@ -0,0 +1,15 @@ +Index: mediawiki-1.12.0/includes/DefaultSettings.php +=================================================================== +--- mediawiki-1.12.0.orig/includes/DefaultSettings.php 2008-03-24 02:30:29.000000000 +0100 ++++ mediawiki-1.12.0/includes/DefaultSettings.php 2008-03-24 02:30:29.000000000 +0100 +@@ -349,8 +349,8 @@ + /** Sets the mime type definition file to use by MimeMagic.php. + * @global string $wgMimeTypeFile + */ +-$wgMimeTypeFile= "includes/mime.types"; +-#$wgMimeTypeFile= "/etc/mime.types"; ++#$wgMimeTypeFile= "includes/mime.types"; ++$wgMimeTypeFile= "/etc/mime.types"; + #$wgMimeTypeFile= NULL; #use built-in defaults only. + + /** Sets the mime type info file to use by MimeMagic.php. --- mediawiki-1.12.0.orig/debian/patches/texvc_location.patch +++ mediawiki-1.12.0/debian/patches/texvc_location.patch @@ -0,0 +1,13 @@ +Index: mediawiki-1.12.0/includes/DefaultSettings.php +=================================================================== +--- mediawiki-1.12.0.orig/includes/DefaultSettings.php 2008-03-20 23:08:48.000000000 +0100 ++++ mediawiki-1.12.0/includes/DefaultSettings.php 2008-03-24 02:32:07.000000000 +0100 +@@ -1530,7 +1530,7 @@ + */ + $wgUseTeX = false; + /** Location of the texvc binary */ +-$wgTexvc = './math/texvc'; ++$wgTexvc = '/usr/bin/texvc'; + + # + # Profiling / debugging --- mediawiki-1.12.0.orig/debian/patches/CSS-no-CVE_rev-63429.patch +++ mediawiki-1.12.0/debian/patches/CSS-no-CVE_rev-63429.patch 
@@ -0,0 +1,98 @@ +Subject: Fixed a CSS validation issue which allowed external images to be +included into wikis where that is disallowed by configuration. +Origin: http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=63429 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/537974 +Index: b/maintenance/parserTests.txt +=================================================================== +--- a/maintenance/parserTests.txt 2008-03-20 23:08:41.000000000 +0100 ++++ b/maintenance/parserTests.txt 2010-03-12 11:37:40.000000000 +0100 +@@ -4153,6 +4153,23 @@ + + !! end + ++!! test ++CSS line continuation 1 ++!! input ++
++!! result ++
++ ++!! end ++ ++!! test ++CSS line continuation 2 ++!! input ++
++!! result ++
++ ++!! end + + !! article + Template:Identity +Index: b/includes/Sanitizer.php +=================================================================== +--- a/includes/Sanitizer.php 2008-03-20 23:08:48.000000000 +0100 ++++ b/includes/Sanitizer.php 2010-03-12 11:40:49.000000000 +0100 +@@ -662,24 +662,48 @@ + * @return mixed + */ + static function checkCss( $value ) { +- $stripped = Sanitizer::decodeCharReferences( $value ); ++ $value = Sanitizer::decodeCharReferences( $value ); + + // Remove any comments; IE gets token splitting wrong +- $stripped = StringUtils::delimiterReplace( '/*', '*/', ' ', $stripped ); +- +- $value = $stripped; ++ $value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value ); + +- // ... and continue checks +- $stripped = preg_replace( '!\\\\([0-9A-Fa-f]{1,6})[ \\n\\r\\t\\f]?!e', +- 'codepointToUtf8(hexdec("$1"))', $stripped ); +- $stripped = str_replace( '\\', '', $stripped ); +- if( preg_match( '/(?:expression|tps*:\/\/|url\\s*\().*/is', +- $stripped ) ) { +- # haxx0r ++ // Decode escape sequences and line continuation ++ // See the grammar in the CSS 2 spec, appendix D, Mozilla implements it accurately. ++ // IE 8 doesn't implement it at all, but there's no way to introduce url() into ++ // IE that doesn't hit Mozilla also. ++ static $decodeRegex; ++ if ( !$decodeRegex ) { ++ $space = '[\\x20\\t\\r\\n\\f]'; ++ $nl = '(?:\\n|\\r\\n|\\r|\\f)'; ++ $backslash = '\\\\'; ++ $decodeRegex = "/ $backslash ++ (?: ++ ($nl) | # 1. Line continuation ++ ([0-9A-Fa-f]{1,6})$space? | # 2. character number ++ (.) # 3. 
backslash cancelling special meaning ++ )/xu"; ++ } ++ $decoded = preg_replace_callback( $decodeRegex, ++ array( __CLASS__, 'cssDecodeCallback' ), $value ); ++ if ( preg_match( '!expression|https?://|url\s*\(!i', $decoded ) ) { ++ // Not allowed + return false; ++ } else { ++ // Allowed, return CSS with comments stripped ++ return $value; ++ } ++ } ++ ++ static function cssDecodeCallback( $matches ) { ++ if ( $matches[1] !== '' ) { ++ return ''; ++ } elseif ( $matches[2] !== '' ) { ++ return codepointToUtf8( hexdec( $matches[2] ) ); ++ } elseif ( $matches[3] !== '' ) { ++ return $matches[3]; ++ } else { ++ throw new MWException( __METHOD__.': invalid match' ); + } +- +- return $value; + } + + /** --- mediawiki-1.12.0.orig/debian/patches/CVE-2009-0737.patch +++ mediawiki-1.12.0/debian/patches/CVE-2009-0737.patch @@ -0,0 +1,1680 @@ +Index: mediawiki-1.12.0/config/index.php +=================================================================== +--- mediawiki-1.12.0.orig/config/index.php 2009-02-07 19:58:44.000000000 +0100 ++++ mediawiki-1.12.0/config/index.php 2009-02-07 19:58:44.000000000 +0100 +@@ -72,7 +72,8 @@ + + + +- MediaWiki <?php echo( $wgVersion ); ?> Installation ++ ++ MediaWiki <?php echo htmlspecialchars( $wgVersion ); ?> Installation +
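Review bot: `$decodeRegex` carries the `u` modifier, so `preg_replace_callback` returns null when `$value` is not valid UTF-8; `preg_match` on a null `$decoded` then matches nothing and the undecoded `$value` is returned as allowed, inverting the fail-closed intent of checkCss. Unless every caller guarantees valid UTF-8 after decodeCharReferences, reject that case before the match: `if ( $decoded === null ) { return false; }`. In cssDecodeCallback the `!== ''` tests rely on PHP filling earlier unmatched groups with empty strings, which holds here because each alternative consumes at least one character; a one-line comment saying so would spare the next reader the check.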