Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F3939586
T110143-scribunto-REL1_23b.patch
csteipp (Chris Steipp)
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
•
csteipp
Apr 27 2016, 6:49 PM
2016-04-27 18:49:07 (UTC+0)
Size
5 KB
Referenced Files
None
Subscribers
None
T110143-scribunto-REL1_23b.patch
View Options
From ec4d38b3f90211a9224d2ce58170ae2822b8e773 Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 14 Mar 2016 11:48:20 -0400
Subject: [PATCH] SECURITY: Don't escape strip markers when escaping attributes
in mw.html
Core strip markers were changed in T110143 to include characters that
are normally encoded in attributes, however we want to pass them through
here so they can be unstripped correctly in the output wikitext.
This fix makes "Strip markers in CSS" parser test pass again.
Change-Id: I1353931a53c668d8a453dfa2300a99f59fdb01c5
---
engines/LuaCommon/HtmlLibrary.php | 8 ++++++-
engines/LuaCommon/lualib/mw.html.lua | 34 +++++++++++++++++++++-------
tests/engines/LuaCommon/HtmlLibraryTest.php | 14 ++++++++++++
tests/engines/LuaCommon/HtmlLibraryTests.lua | 12 ++++++++++
4 files changed, 59 insertions(+), 9 deletions(-)
diff --git a/engines/LuaCommon/HtmlLibrary.php b/engines/LuaCommon/HtmlLibrary.php
index 50fe15e..e5b4aa9 100644
--- a/engines/LuaCommon/HtmlLibrary.php
+++ b/engines/LuaCommon/HtmlLibrary.php
@@ -2,6 +2,12 @@
class Scribunto_LuaHtmlLibrary extends Scribunto_LuaLibraryBase {
function register() {
- $this->getEngine()->registerInterface( 'mw.html.lua', array() );
+ $this->getEngine()->registerInterface( 'mw.html.lua', array(), array(
+ // Prior to 1.26, the Parser sets its prefix as,
+ // $this->mUniqPrefix = "\x7f'\"`UNIQ" . self::getRandomString()
+ // random part should be hex chars, so we only need the first part here
+ 'uniqPrefix' => "\x7f'\"`UNIQ",
+ 'uniqSuffix' => Parser::MARKER_SUFFIX,
+ ) );
}
}
diff --git a/engines/LuaCommon/lualib/mw.html.lua b/engines/LuaCommon/lualib/mw.html.lua
index 68e2f17..211e186 100644
--- a/engines/LuaCommon/lualib/mw.html.lua
+++ b/engines/LuaCommon/lualib/mw.html.lua
@@ -14,6 +14,7 @@
]]
local HtmlBuilder = {}
+local options
local metatable = {}
local methodtable = {}
@@ -82,7 +83,11 @@ end
--
-- @param s
local function htmlEncode( s )
- return string.gsub( s, '[<>&"]', htmlencodeMap )
+ local tmp = string.gsub( s, '[<>&"]', htmlencodeMap );
+ -- Don't encode strip markers here (T110143)
+ tmp = string.gsub( tmp, options.encodedUniqPrefixPat, options.uniqPrefixRepl )
+ tmp = string.gsub( tmp, options.encodedUniqSuffixPat, options.uniqSuffixRepl )
+ return tmp
end
local function cssEncode( s )
@@ -365,12 +370,25 @@ function HtmlBuilder.create( tagName, args )
return builder
end
-mw_interface = nil
-
--- Register this library in the "mw" global
-mw = mw or {}
-mw.html = HtmlBuilder
-
-package.loaded['mw.html'] = HtmlBuilder
+function HtmlBuilder.setupInterface( opts )
+ -- Boilerplate
+ HtmlBuilder.setupInterface = nil
+ mw_interface = nil
+ options = opts
+
+ -- Prepare patterns for unencoding strip markers
+ options.encodedUniqPrefixPat = string.gsub( options.uniqPrefix, '[<>&"]', htmlencodeMap );
+ options.encodedUniqPrefixPat = string.gsub( options.encodedUniqPrefixPat, '%p', '%%%0' );
+ options.uniqPrefixRepl = string.gsub( options.uniqPrefix, '%%', '%%%0' );
+ options.encodedUniqSuffixPat = string.gsub( options.uniqSuffix, '[<>&"]', htmlencodeMap );
+ options.encodedUniqSuffixPat = string.gsub( options.encodedUniqSuffixPat, '%p', '%%%0' );
+ options.uniqSuffixRepl = string.gsub( options.uniqSuffix, '%%', '%%%0' );
+
+ -- Register this library in the "mw" global
+ mw = mw or {}
+ mw.html = HtmlBuilder
+
+ package.loaded['mw.html'] = HtmlBuilder
+end
return HtmlBuilder
diff --git a/tests/engines/LuaCommon/HtmlLibraryTest.php b/tests/engines/LuaCommon/HtmlLibraryTest.php
index bb027e4..775387e 100644
--- a/tests/engines/LuaCommon/HtmlLibraryTest.php
+++ b/tests/engines/LuaCommon/HtmlLibraryTest.php
@@ -3,6 +3,20 @@
class Scribunto_LuaHtmlLibraryTests extends Scribunto_LuaEngineTestBase {
protected static $moduleName = 'HtmlLibraryTests';
+ protected function setUp() {
+ parent::setUp();
+
+ // For strip marker test
+ $markers = array(
+ 'nowiki' => "\x7f'\"`UNIQ" . '-test-nowiki-' . Parser::MARKER_SUFFIX,
+ );
+ $interpreter = $this->getEngine()->getInterpreter();
+ $interpreter->callFunction(
+ $interpreter->loadString( 'mw.html.stripMarkers = ...', 'fortest' ),
+ $markers
+ );
+ }
+
function getTestModules() {
return parent::getTestModules() + array(
'HtmlLibraryTests' => __DIR__ . '/HtmlLibraryTests.lua',
diff --git a/tests/engines/LuaCommon/HtmlLibraryTests.lua b/tests/engines/LuaCommon/HtmlLibraryTests.lua
index b6deb74..3da1481 100644
--- a/tests/engines/LuaCommon/HtmlLibraryTests.lua
+++ b/tests/engines/LuaCommon/HtmlLibraryTests.lua
@@ -93,6 +93,15 @@ local function testComplex()
return builder
end
+local function testStripMarker()
+ local expect = '<div foo="' .. mw.html.stripMarkers.nowiki .. '"></div>'
+ local actual = tostring( getEmptyTestDiv():attr( 'foo', mw.html.stripMarkers.nowiki ) )
+ if actual ~= expect then
+ error( actual .. ' ~= ' .. expect )
+ end
+ return 'ok'
+end
+
-- Tests
local tests = {
-- Simple (inline) tests
@@ -289,6 +298,9 @@ local tests = {
'<hr /><div abc="def" style="width:-1px;"></div></div>'
}
},
+ { name = 'mw.html strip marker test', func = testStripMarker, type='ToString',
+ expect = { 'ok' }
+ },
}
return testframework.getTestProvider( tests )
--
2.6.6
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3682721
Default Alt Text
T110143-scribunto-REL1_23b.patch (5 KB)
Attached To
Mode
T135961: ParserTest_LuaCommon__luaParserTests::testParserTest fails on master
Attached
Detach File
T124940: MediaWiki 1.26.3 security release
Attached
Detach File
T110143: strip markers can be used to get around html attribute escaping in (many?) parser tags
Attached
Detach File
Event Timeline
Log In to Comment