T119158-part2-REL1_23.patch

Authored By
Bawolff
Jul 26 2016, 1:45 AM
Size
1 KB

From d8260c429d5cce11b9284f337b749ee50a064355 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Sun, 24 Jan 2016 09:56:25 -0500
Subject: [PATCH] SECURITY: Use more complicated regex for detecting html
(Hopefully will detect if there is an unescaped '>' inside attribute)
Bug: T119158
Change-Id: Iabbd926eab13a218bf92b20b54d83f611c3e4830
---
languages/LanguageConverter.php | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index ade9419..ac0c868 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -381,9 +381,12 @@ class LanguageConverter {
$scriptfix = '<script[^>]*+>[^<]*+(?:(?:(?!<\/script>).)[^<]*+)*+<\/script>|';
// disable conversion of <pre> tags
$prefix = '<pre[^>]*+>[^<]*+(?:(?:(?!<\/pre>).)[^<]*+)*+<\/pre>|';
+ // The "|.*+)" at the end, is in case we missed some part of html syntax,
+ // we will fail securely (hopefully) by matching the rest of the string.
+ $htmlFullTag = '<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)|';
- $reg = '/' . $codefix . $scriptfix . $prefix .
- '<[^>]++>|&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . '|\004$/s';
+ $reg = '/' . $codefix . $scriptfix . $prefix . $htmlFullTag .
+ '&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . '|\004$/s';
$startPos = 0;
$sourceBlob = '';
$literalBlob = '';
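Review bot: The `|.*+)` fallback in `$htmlFullTag` changes behaviour for a `<` that has no `>` anywhere after it. The old `<[^>]++>` simply did not match there and conversion carried on, whereas the new alternative consumes the rest of the string (the pattern runs with `/s`), so everything after that `<` is left unconverted. The comment should state that consequence explicitly, since "fail securely" here means "stop converting". The patch also touches only LanguageConverter.php, so this security-relevant pattern ships without tests. Please add cases for a `>` inside a double-quoted value, a `>` inside a single-quoted value, an unterminated quote (which falls through to the unquoted branch `[^\'">\s]*+` matching empty, so the tag ends at the first `>`), and a lone `<` in plain text. Minor style point: the quoted branches use plain `[^"]*` and `[^\']*` while every other quantifier in the pattern is possessive; either make them possessive too or note why they differ.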
--
1.9.5 (Apple Git-50.3)
