Page MenuHomePhabricator
Create Task
Maniphest T5828

MediaWiki shouldn't scale SVGs larger than say 2000px
Closed, ResolvedPublic
Actions

Description

Author: dbenbenn

Description:
Currently, MediaWiki will produce a thumbnail of an SVG file up to the larger of
1024px or the "natural size" of the SVG. This is sort of a security hole, since
SVG files can have arbitrarily large "natural size" without affecting the file
size at all. See, for example,
[[Image:Map of Colorado counties, blank.svg]].

I propose there should be a maximum thumbnail size for SVG files; say 2000px or
so. Wikimedia projects certainly never need images larger than this. Then code
like [[Image:Foo.svg]] with no size specification would use the 2000px
thumbnail, instead of trying to make a gigantic thumbnail at the "natural size".

Version: 1.6.x
Severity: normal

Details

Reference
bz3828

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 8:55 PM
bzimport added a project: MediaWiki-File-management.
bzimport set Reference to bz3828.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Oct 29 2005, 8:45 PM
bzimport added a comment.Feb 11 2006, 8:48 AM

dbenbenn wrote:

This issue has apparently been fixed. Now MediaWiki doesn't scale SVG above
1024px regardless of the "natural size".

Gilles added a project: Multimedia.Dec 4 2014, 10:52 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.Dec 4 2014, 10:54 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL