[MediaWiki-commits] [Gerrit] mediawiki...PdfHandler[REL1_27]: SECURITY: Add -dSAFER to ghostscript as a hardening measure

Mon, 22 Aug 2016 21:46:04 -0700 

jenkins-bot has submitted this change and it was merged.

Change subject: SECURITY: Add -dSAFER to ghostscript as a hardening measure
......................................................................


SECURITY: Add -dSAFER to ghostscript as a hardening measure

-dSAFER disables certain scary features of ghostscript
(like arbitrary file access). Its primarily about postscript
security, but enable it for pdfs to be safe.

Bug: T136402
Change-Id: I0ab37ddb5d134334e975bc07d3b9ba7bfc7a5659
---
M PdfHandler_body.php
1 file changed, 1 insertion(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/PdfHandler_body.php b/PdfHandler_body.php
index 36a52dd..dae9820 100644
--- a/PdfHandler_body.php
+++ b/PdfHandler_body.php
@@ -201,6 +201,7 @@
                        "-sOutputFile=-",
                        "-dFirstPage={$page}",
                        "-dLastPage={$page}",
+                       "-dSAFER",
                        "-r{$wgPdfHandlerDpi}",
                        "-dBATCH",
                        "-dNOPAUSE",

-- 
To view, visit https://gerrit.wikimedia.org/r/306144
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0ab37ddb5d134334e975bc07d3b9ba7bfc7a5659
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/PdfHandler
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to