
0001-T178451-REL1_30.patch


0001-T178451-REL1_30.patch

From eddce5c4f5172ce1b758ce9c8b9bb1f0dc3c2bf8 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Wed, 18 Oct 2017 05:28:43 +0000
Subject: [PATCH] SECURITY: Escape internal error message
This message contains the request url, which is semi-user controlled.
Most browsers percent-escape < and >, so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.
Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
includes/exception/MWException.php | 16 +++++++++-------
includes/exception/MWExceptionRenderer.php | 16 +++++++++-------
2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/includes/exception/MWException.php b/includes/exception/MWException.php
index 8c1f8dc968..c3f09a6fb0 100644
--- a/includes/exception/MWException.php
+++ b/includes/exception/MWException.php
@@ -103,13 +103,15 @@ class MWException extends Exception {
$logId = WebRequest::getRequestId();
$type = static::class;
return "<div class=\"errorbox\">" .
- '[' . $logId . '] ' .
- gmdate( 'Y-m-d H:i:s' ) . ": " .
- $this->msg( "internalerror-fatal-exception",
- "Fatal exception of type $1",
- $type,
- $logId,
- MWExceptionHandler::getURL( $this )
+ htmlspecialchars(
+ '[' . $logId . '] ' .
+ gmdate( 'Y-m-d H:i:s' ) . ": " .
+ $this->msg( "internalerror-fatal-exception",
+ "Fatal exception of type $1",
+ $type,
+ $logId,
+ MWExceptionHandler::getURL( $this )
+ )
) . "</div>\n" .
"<!-- Set \$wgShowExceptionDetails = true; " .
"at the bottom of LocalSettings.php to show detailed " .
diff --git a/includes/exception/MWExceptionRenderer.php b/includes/exception/MWExceptionRenderer.php
index bb5e4f4eda..1ba65aa442 100644
--- a/includes/exception/MWExceptionRenderer.php
+++ b/includes/exception/MWExceptionRenderer.php
@@ -169,13 +169,15 @@ class MWExceptionRenderer {
} else {
$logId = WebRequest::getRequestId();
$html = "<div class=\"errorbox mw-content-ltr\">" .
- '[' . $logId . '] ' .
- gmdate( 'Y-m-d H:i:s' ) . ": " .
- self::msg( "internalerror-fatal-exception",
- "Fatal exception of type $1",
- get_class( $e ),
- $logId,
- MWExceptionHandler::getURL()
+ htmlspecialchars(
+ '[' . $logId . '] ' .
+ gmdate( 'Y-m-d H:i:s' ) . ": " .
+ self::msg( "internalerror-fatal-exception",
+ "Fatal exception of type $1",
+ get_class( $e ),
+ $logId,
+ MWExceptionHandler::getURL()
+ )
) . "</div>\n" .
"<!-- " . wordwrap( self::getShowBacktraceError( $e ), 50 ) . " -->";
}
--
2.14.1
