Remove dot/Graphviz Remarkup rule
Summary: Ref T9408. This rule is unsafe in principle, and a practical vulnerability has been found by a security researcher. Test Plan: `grep` Reviewers: chad Reviewed By: chad Maniphest Tasks: T9408 Differential Revision: https://secure.phabricator.com/D14103
parent
d199560a6b
commit
c02f750267
2 changed files with 0 additions and 67 deletions
|
@ -2694,7 +2694,6 @@ phutil_register_library_map(array(
|
|||
'PhabricatorRemarkupCustomBlockRule' => 'infrastructure/markup/rule/PhabricatorRemarkupCustomBlockRule.php',
|
||||
'PhabricatorRemarkupCustomInlineRule' => 'infrastructure/markup/rule/PhabricatorRemarkupCustomInlineRule.php',
|
||||
'PhabricatorRemarkupFigletBlockInterpreter' => 'infrastructure/markup/interpreter/PhabricatorRemarkupFigletBlockInterpreter.php',
|
||||
'PhabricatorRemarkupGraphvizBlockInterpreter' => 'infrastructure/markup/interpreter/PhabricatorRemarkupGraphvizBlockInterpreter.php',
|
||||
'PhabricatorRemarkupUIExample' => 'applications/uiexample/examples/PhabricatorRemarkupUIExample.php',
|
||||
'PhabricatorRepositoriesSetupCheck' => 'applications/config/check/PhabricatorRepositoriesSetupCheck.php',
|
||||
'PhabricatorRepository' => 'applications/repository/storage/PhabricatorRepository.php',
|
||||
|
@ -6749,7 +6748,6 @@ phutil_register_library_map(array(
|
|||
'PhabricatorRemarkupCustomBlockRule' => 'PhutilRemarkupBlockRule',
|
||||
'PhabricatorRemarkupCustomInlineRule' => 'PhutilRemarkupRule',
|
||||
'PhabricatorRemarkupFigletBlockInterpreter' => 'PhutilRemarkupBlockInterpreter',
|
||||
'PhabricatorRemarkupGraphvizBlockInterpreter' => 'PhutilRemarkupBlockInterpreter',
|
||||
'PhabricatorRemarkupUIExample' => 'PhabricatorUIExample',
|
||||
'PhabricatorRepositoriesSetupCheck' => 'PhabricatorSetupCheck',
|
||||
'PhabricatorRepository' => array(
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorRemarkupGraphvizBlockInterpreter
|
||||
extends PhutilRemarkupBlockInterpreter {
|
||||
|
||||
public function getInterpreterName() {
|
||||
return 'dot';
|
||||
}
|
||||
|
||||
public function markupContent($content, array $argv) {
|
||||
if (!Filesystem::binaryExists('dot')) {
|
||||
return $this->markupError(
|
||||
pht(
|
||||
'Unable to locate the `%s` binary. Install Graphviz.',
|
||||
'dot'));
|
||||
}
|
||||
|
||||
$width = $this->parseDimension(idx($argv, 'width'));
|
||||
|
||||
$future = id(new ExecFuture('dot -T%s', 'png'))
|
||||
->setTimeout(15)
|
||||
->write(trim($content));
|
||||
|
||||
list($err, $stdout, $stderr) = $future->resolve();
|
||||
|
||||
if ($err) {
|
||||
return $this->markupError(
|
||||
pht(
|
||||
'Execution of `%s` failed (#%d), check your syntax: %s',
|
||||
'dot',
|
||||
$err,
|
||||
$stderr));
|
||||
}
|
||||
|
||||
$file = PhabricatorFile::buildFromFileDataOrHash(
|
||||
$stdout,
|
||||
array(
|
||||
'name' => 'graphviz.png',
|
||||
));
|
||||
|
||||
if ($this->getEngine()->isTextMode()) {
|
||||
return '<'.$file->getBestURI().'>';
|
||||
}
|
||||
|
||||
$img = phutil_tag(
|
||||
'img',
|
||||
array(
|
||||
'src' => $file->getBestURI(),
|
||||
'width' => nonempty($width, null),
|
||||
));
|
||||
return phutil_tag_div('phabricator-remarkup-embed-image-full', $img);
|
||||
}
|
||||
|
||||
// TODO: This is duplicated from PhabricatorEmbedFileRemarkupRule since they
|
||||
// do not share a base class.
|
||||
private function parseDimension($string) {
|
||||
$string = trim($string);
|
||||
|
||||
if (preg_match('/^(?:\d*\\.)?\d+%?$/', $string)) {
|
||||
return $string;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|