Page MenuHomePhabricator
Files F12284

bug58088_119.patch
Public
Actions

Authored By
bzimport
Nov 22 2014, 2:25 AM
Size
863 B
Referenced Files
None
Subscribers
None

bug58088_119.patch
View Options

From eb08422a33be1bd70880c6a9767d75913dc559e2 Mon Sep 17 00:00:00 2001
From: mglaser <glaser@hallowelt.biz>
Date: Wed, 8 Jan 2014 12:00:55 +0100
Subject: [PATCH] SECURITY: Don't normalize U+FF3C to \
Bug: 58088
Change-Id: I3bb23a173120fbbb60795094cf2d26657751642f
---
includes/Sanitizer.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 50ac84d..4b54daf 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -884,7 +884,7 @@ class Sanitizer {
// Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii
$value = preg_replace_callback(
- '/[!-z]/u', // U+FF01 to U+FF5A
+ '/[!-[]-z]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)
array( __CLASS__, 'cssNormalizeUnicodeWidth' ),
$value
);
--
1.8.4.msysgit.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
11740
Default Alt Text
bug58088_119.patch (863 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL