Authored By
bzimport
Nov 22 2014, 1:14 AM
commit 904948fb2d2fa445eeb02bfed519c8610bb33603
Author: Brad Jorsch <bjorsch@wikimedia.org>
Date: Wed Mar 13 16:44:58 2013 -0400
Sanitize $limitReport before outputting
Prevents possible injection of "-->" and other HTML by extensions using
the ParserLimitReport hook.
Change-Id: I8d50e597be4d8247c441197ff403c3c2e86720e0
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 7f21449..59a2929 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -501,6 +501,11 @@ class Parser {
"Highest expansion depth: {$this->mHighestExpansionDepth}/{$this->mOptions->getMaxPPExpandDepth()}\n" .
$PFreport;
wfRunHooks( 'ParserLimitReport', array( $this, &$limitReport ) );
+
+ // Sanitize for comment. Note '‐' in the replacement is U+2010,
+ // which looks much like the problematic '-'.
+ $limitReport = str_replace( array( '-', '&' ), array( '‐', '&amp;' ), $limitReport );
+
$text .= "\n<!-- \n$limitReport-->\n";
if ( $this->mGeneratedPPNodeCount > $this->mOptions->getMaxGeneratedPPNodeCount() / 10 ) {
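Review bot: the replacement array in the added str_replace() call embeds a raw U+2010 hyphen in the source, which is visually indistinguishable from the ASCII '-' it replaces; the preceding code comment mitigates this, but an explicit escape such as "\xE2\x80\x90" would make the intent unambiguous to readers and to diff and review tools. Two smaller points on the same lines: replacing every '-' in $limitReport also alters legitimate content (negative values, hyphenated words) for anything that later parses the limit-report comment, so the comment could state that this is accepted; and since entity references are not decoded inside an HTML comment, the '&' to '&amp;' replacement deserves a one-line justification. The ordered array replacement itself is safe here, because neither replacement string introduces a character that a later search in the same call would match.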