As reported by Yorick Koster <yorick.koster@securify.nl>:
```
To: security@wikimedia.org
From: Yorick Koster <yorick.koster@securify.nl>
Subject: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
Organization: Securify B.V.
Message-ID: <473b5511-e7f1-8c88-120b-70929c6c2326@securify.nl>
Hi,
I've found a security vulnerability in the SyntaxHighlight extension.
The details are attached. A quick fix would be to cast the start
parameter to int.
// Starting line number
if ( isset( $args['start'] ) ) {
    $options['linenostart'] = (int)$args['start'];
}
Cheers,
Yorick
--
Yorick Koster
Co-founder
Securify (KvK. 58043624)
Mobile: +31(0)6 15 325 647
Web: www.securify.nl
E-mail: yorick.koster@securify.nl
```
Original e-mail attachments:
{F5744651}
{F5744653}
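The quick fix above stops at an `(int)` cast. As an added illustration (this is not the extension's code and not the reporter's), the PHP below shows the same idea carried one step further: the `start` attribute is accepted only when it is a plain run of digits, and the option array handed to Pygments is built from that validated integer, so a value that is not a line number is dropped rather than forwarded. The helper names `normalizeLineNumberStart()` and `buildPygmentsOptions()` are assumptions chosen for this example.

```php
<?php
// Added example, not the extension's own code. Assumed names:
// normalizeLineNumberStart() and buildPygmentsOptions().

/**
 * Return the starting line number as a positive integer, or null when
 * the attribute is absent or is not a plain decimal integer string.
 */
function normalizeLineNumberStart( $value ): ?int {
    if ( $value === null ) {
        return null;
    }
    $value = trim( (string)$value );
    // Accept ASCII digits only, so anything else a caller may type
    // (letters, punctuation, whitespace) never reaches Pygments.
    if ( !preg_match( '/^[0-9]+$/', $value ) ) {
        return null;
    }
    $start = (int)$value;
    return $start >= 1 ? $start : null;
}

/**
 * Build the option array that would be passed on to Pygments. Only the
 * "start" attribute is handled here; whenever linenostart is set, its
 * value is an int produced by normalizeLineNumberStart(), never the raw
 * attribute string.
 */
function buildPygmentsOptions( array $args ): array {
    $options = [];
    if ( isset( $args['start'] ) ) {
        $start = normalizeLineNumberStart( $args['start'] );
        if ( $start !== null ) {
            $options['linenostart'] = $start;
        }
    }
    return $options;
}

// Constructed inputs for a quick run: a normal value, a malformed value,
// and a tag with no start attribute at all.
var_dump( buildPygmentsOptions( [ 'start' => '42' ] ) );
var_dump( buildPygmentsOptions( [ 'start' => 'not-a-number' ] ) );
var_dump( buildPygmentsOptions( [] ) );
```

Running it with `php` prints an array with `linenostart` set to the integer 42 for the first call and an empty array for the other two. The point of the allow-list check over a bare cast is that the decision to drop a bad value is explicit and can be logged or reported, instead of silently turning arbitrary text into `0`.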