Author: mr.heat

Description:
The file:

mediawiki/extensions/CentralNotice/special/SpecialBannerController.php

may crash with a "Malformed URI" exception when executing the line:

return decodeURIComponent( s.split( '+' ).join( ' ' ) );

Here is a very simple example to trigger this error:

http://de.wikipedia.org/w/index.php?title=Wikipedia:CentralNotice&action=edit&summary=%E4

I know, this *is* a malformed URI (it's not UTF-8). Thats not the problem. The problem is: This stops *all* other scripts including the WikiEditor. This is why I consider this a "blocker".

Expected behavior: The CentralNotice extension should never interfere with other scripts, not even if there *is* an error.

Solution: decodeURI and decodeURIComponent must *always* be surrounded by a try-catch block.

https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/extensions/CentralNotice.git;a=blame;f=special/SpecialBannerController.php;h=531072f79f22a6797070a6828284f91114f515ff;hb=HEAD

Version: master
Severity: major