Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F24974841
T201698.patch
Ciencia_Al_Poder (Jesús Martínez Novo)
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
Ciencia_Al_Poder
Aug 15 2018, 2:19 PM
2018-08-15 14:19:28 (UTC+0)
Size
1 KB
Referenced Files
F25204900: T201698.patch
Aug 21 2018, 8:54 PM
2018-08-21 20:54:56 (UTC+0)
Subscribers
None
T201698.patch
View Options
diff --git a/includes/BlogPage.class.php b/includes/BlogPage.class.php
index 71c4c79..4deeee3 100644
--- a/includes/BlogPage.class.php
+++ b/includes/BlogPage.class.php
@@ -155,22 +155,18 @@ class BlogPage extends Article {
$articleText = $this->pageContent;
$categoryName = $wgContLang->getNsText( NS_CATEGORY );
+ $categoryName = preg_quote( $categoryName, '/' );
// This unbelievably weak and hacky regex is used to find out the
// author's name from the category. See also getBlurb(), which uses a
// similar regex.
- $categoryName = preg_quote( $categoryName, '/' );
- preg_match_all(
- "/\[\[(?:(?:c|C)ategory|{$categoryName}):\s?" .
- // This is an absolutely unholy, horribly hacky and otherwise
- // less-than-ideal solution that likely works for English only
- // Someone needs to come up with a better solution one of these
- // days than this regex soup...
- str_replace( ' $1', '', wfMessage( 'blog-by-user-category' )->inContentLanguage()->escaped() ) .
- " (.*)\]\]/",
- $articleText,
- $matches
- );
+ $regexp = "/\[\[(?:(?:c|C)ategory|{$categoryName}):\s*" .
+ preg_quote( wfMessage( 'blog-by-user-category' )->inContentLanguage()->plain(), '/' ) .
+ "\s*\]\]/";
+ // $1 will be the author name. Convert it to a capture pattern
+ // It needs to be escaped since the message text was escaped too
+ $regexp = str_replace( preg_quote( '$1', '/' ), '(.*)', $regexp );
+ preg_match_all( $regexp, $articleText, $matches );
$authors = $matches[1];
foreach ( $authors as $author ) {
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
6287493
Default Alt Text
T201698.patch (1 KB)
Attached To
Mode
T201698: blog-by-user-category message can potentially inject arbitrary strings and parameters when passed to preg_match_all
Attached
Detach File
Event Timeline
Ciencia_Al_Poder
added a comment.
Aug 21 2018, 8:54 PM
2018-08-21 20:54:56 (UTC+0)
Comment Actions
This patch is obsolete. See
F25204900
instead
Log In to Comment