
security-T97391.patch

Authored By
Krinkle
Apr 28 2015, 5:56 AM
Size
1 KB

security-T97391.patch

From 9926988bb819f308a99cc55a0ca4eb26d47d889e Mon Sep 17 00:00:00 2001
From: Timo Tijhof <krinklemail@gmail.com>
Date: Tue, 28 Apr 2015 06:51:25 +0100
Subject: [PATCH] thumb.php: Escape $rel404 in error message
Bug: T97391
Change-Id: I363686732fe9e5636c85c267c0728fc872c3e39d
---
thumb.php | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/thumb.php b/thumb.php
index 2ea3f07..8549f58 100644
--- a/thumb.php
+++ b/thumb.php
@@ -286,7 +286,7 @@ function wfStreamThumb( array $params ) {
}
return;
} else {
- wfThumbError( 404, "The given path of the specified thumbnail is incorrect;
+ wfThumbErrorText( 404, "The given path of the specified thumbnail is incorrect;
expected '" . $img->getThumbRel( $thumbName ) . "' but got '" .
rawurldecode( $rel404 ) . "'." );
return;
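Review bot: Only this one call in wfStreamThumb is switched to the escaping wrapper, so any other `wfThumbError` call that interpolates request-derived values would still print them as raw HTML. No such call is visible in this patch, so the remaining callers in thumb.php should be checked as part of the same fix. A short comment here would stop the call being reverted later, for example `// $rel404 comes from the request URL; keep this on wfThumbErrorText so it is HTML-escaped`. The enclosing function starts and ends outside the hunk, so the origin of `$rel404` cannot be confirmed from these lines.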
@@ -544,14 +544,26 @@ function wfExtractThumbParams( $file, $params ) {
return null;
}
+
+/**
+ * Output a thumbnail generation error message
+ *
+ * @param int $status
+ * @param string $msg Plain text (will be html escaped)
+ * @return void
+ */
+function wfThumbErrorText( $status, $msgText ) {
+ return wfThumbError( $status, htmlspecialchars( $msgText ) );
+}
+
/**
* Output a thumbnail generation error message
*
* @param int $status
- * @param string $msg HTML
+ * @param string $msgHtml HTML
* @return void
*/
-function wfThumbError( $status, $msg ) {
+function wfThumbError( $status, $msgHtml ) {
global $wgShowHostnames;
header( 'Cache-Control: no-cache' );
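Review bot: The docblock on the new `wfThumbErrorText` documents `@param string $msg` while the signature names the parameter `$msgText`; it should read `@param string $msgText Plain text (will be HTML-escaped)`. The call `htmlspecialchars( $msgText )` relies on the runtime's default flags, which is sufficient for the `<p>` element content where wfThumbError prints the message, but leaves single quotes unescaped where the default is ENT_COMPAT. Using `htmlspecialchars( $msgText, ENT_QUOTES )` makes the escaping independent of that default and of any later change to the output context. Because the function is documented `@return void`, a plain `wfThumbError( $status, htmlspecialchars( $msgText, ENT_QUOTES ) );` without `return` would match the doc. The body of wfThumbError continues outside this hunk.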
@@ -583,7 +595,7 @@ function wfThumbError( $status, $msg ) {
<body>
<h1>Error generating thumbnail</h1>
<p>
-$msg
+$msgHtml
</p>
$debug
</body>
--
2.3.5
