Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F4326062
T125163-REL1_27
No One
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
Bawolff
Aug 1 2016, 12:19 PM
2016-08-01 12:19:32 (UTC+0)
Size
1 KB
Referenced Files
None
Subscribers
None
T125163-REL1_27
View Options
From 98ea750700ba550f0b2308b574831e3c8f407c32 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Thu, 28 Jan 2016 18:04:01 -0500
Subject: [PATCH] Make anchor for headlines escape > and <
As a hardening step against language converter and its crazy regexes.
Change-Id: I0d253611fbb8d12cb5c937e36fdb122efe186943
---
includes/Linker.php | 2 ++
1 file changed, 2 insertions(+)
diff --git a/includes/Linker.php b/includes/Linker.php
index 5717fba..5951788 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1799,11 +1799,13 @@ class Linker {
public static function makeHeadline( $level, $attribs, $anchor, $html,
$link, $legacyAnchor = false
) {
+ $anchor = htmlspecialchars( $anchor );
$ret = "<h$level$attribs"
. "<span class=\"mw-headline\" id=\"$anchor\">$html</span>"
. $link
. "</h$level>";
if ( $legacyAnchor !== false ) {
+ $legacyAnchor = htmlspecialchars( $legacyAnchor );
$ret = "<div id=\"$legacyAnchor\"></div>$ret";
}
return $ret;
--
1.9.5 (Apple Git-50.3)
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3896757
Default Alt Text
T125163-REL1_27 (1 KB)
Attached To
Mode
T125163: id attribute on headlines allow raw > [Possible issue in combination with language converter] (CVE-2017-8812)
Attached
Detach File
Event Timeline
Log In to Comment