F12216
bug55548.patch
acl*security
Authored By: bzimport
Nov 22 2014, 2:22 AM (2014-11-22 02:22:30 UTC+0)
Size: 1 KB
From 03b94426694cc83085f631355b8ba12cddb0521b Mon Sep 17 00:00:00 2001
From: Kevin Israel <pleasestand@live.com>
Date: Thu, 10 Oct 2013 18:46:17 -0400
Subject: [PATCH] SECURITY: Strictly check preg_match() return value in Html

... because preg_match() can sometimes fail (e.g. when it thinks
the string is invalid), returning false instead of 1 or 0. The
PHP manual has a warning to this effect.

Bug: 55548
Change-Id: I5387ef64d49253f2a4e539d3dc1a3a5572ec5600
---
includes/Html.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/Html.php b/includes/Html.php
index 3fea3e12..c308de9 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -513,7 +513,7 @@ class Html {
. "\x{2002}\x{2003}\x{2004}\x{2005}\x{2006}\x{2007}\x{2008}\x{2009}"
. "\x{200A}\x{2028}\x{2029}\x{202F}\x{205F}\x{3000}";
if ( $wgWellFormedXml || $value === ''
- || preg_match( "![$badChars]!u", $value ) ) {
+ || preg_match( "![$badChars]!u", $value ) !== 0 ) {
$quote = '"';
} else {
$quote = '';
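Review bot: The "!== 0" comparison on the preg_match( "![$badChars]!u", $value ) line needs an inline comment saying that a false return (the failure case named in the commit message) is deliberately treated the same as a match, so the value is quoted whenever the check cannot be completed. Without that comment the comparison looks redundant, and a later cleanup could restore the truthiness test and with it the unquoted branch for values preg_match() rejects. The diffstat also shows only includes/Html.php changed, so nothing guards the fix: please add a regression test that passes a value for which preg_match() returns false with $wgWellFormedXml disabled and asserts that $quote is '"'.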
--
1.8.4
Attached To: T57548: Html::expandAttributes can be tricked into omitting necessary quotes