jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/378818 )

Change subject: SECURITY: Fix handling of CommentStore and insertSelect
......................................................................


SECURITY: Fix handling of CommentStore and insertSelect

CommentStore->insert() takes the raw comment, not quoted, and returns
fields appropriate for passing as $a to IDatabase->insert() or $values
to ->update(). Such fields need to be passed through
IDatabase->addQuotes() to be appropriate for passing in $varMap to
IDatabase->insertSelect().

Change-Id: Ie64b279ee7cf9c8c396af385e46c826e0597ab1e
---
M includes/filerepo/file/LocalFile.php
1 file changed, 4 insertions(+), 2 deletions(-)

Approvals:
  Tim Starling: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/filerepo/file/LocalFile.php 
b/includes/filerepo/file/LocalFile.php
index 4c0dea2..fd0f3f3 100644
--- a/includes/filerepo/file/LocalFile.php
+++ b/includes/filerepo/file/LocalFile.php
@@ -2307,7 +2307,6 @@
 
                $encTimestamp = $dbw->addQuotes( $dbw->timestamp( $now ) );
                $encUserId = $dbw->addQuotes( $this->user->getId() );
-               $encReason = $dbw->addQuotes( $this->reason );
                $encGroup = $dbw->addQuotes( 'deleted' );
                $ext = $this->file->getExtension();
                $dotExt = $ext === '' ? '' : ".$ext";
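Review bot: Dropping the pre-quoted `$encReason` is consistent with the commit message (CommentStore->insert() wants the raw comment), and the change stat of two deletions accounts for both the assignment here and the single call site in the next hunk, so no dangling reference to `$encReason` is left behind. Worth confirming with a grep of the surrounding method that nothing else in this block (for example the `$encTimestamp`, `$encUserId`, `$encGroup` group it sat in) was relying on the quoted reason being available.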
@@ -2350,7 +2349,10 @@
                        ];
                        $joins = [];
 
-                       $fields += $commentStoreFaReason->insert( $dbw, 
$encReason );
+                       $fields += array_map(
+                               [ $dbw, 'addQuotes' ],
+                               $commentStoreFaReason->insert( $dbw, 
$this->reason )
+                       );
 
                        if ( $wgCommentTableSchemaMigrationStage <= 
MIGRATION_WRITE_BOTH ) {
                                $fields['fa_description'] = 'img_description';
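Review bot: The statement order here is load-bearing and currently correct: `array_map( [ $dbw, 'addQuotes' ], ... )` quotes every value CommentStore->insert() returns before the merge into `$fields`, and only afterwards does the `MIGRATION_WRITE_BOTH` branch overwrite `$fields['fa_description']` with the bare column name `'img_description'`, which must stay unquoted because in `$varMap` it is a SELECT expression rather than a literal. Anyone later moving the override above the merge will either quote the column name or put the raw reason back into the SELECT list; a short comment saying that `$fields` values are SQL fragments would protect the ordering. Two follow-ups: `+=` keeps keys already present in `$fields`, and the start of that array is outside the hunk, so confirm `fa_description` / `fa_description_id` are not pre-set there and silently shadowing the quoted values; and the change ships with no test (1 file changed), so a regression test that deletes a file with a reason containing a single quote at each migration stage would pin this behaviour down.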

-- 
To view, visit https://gerrit.wikimedia.org/r/378818
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie64b279ee7cf9c8c396af385e46c826e0597ab1e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Tim Starling <tstarl...@wikimedia.org>
Gerrit-Reviewer: Aaron Schulz <asch...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Tim Starling <tstarl...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
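The contract the commit message describes, as an added example that is not part of this change or of MediaWiki itself: `FakeDatabase` and `FakeCommentStore` are hypothetical stand-ins that mirror only the behaviour at issue (assumed from the commit message: insert() quotes its values itself, while insertSelect() splices `$varMap` values in as raw SQL, and CommentStore->insert() returns a field map for the raw comment). `buildArchiveSql()` is likewise hypothetical and reproduces the shape of the patched call site with and without the addQuotes() pass, so the difference in generated SQL is visible on a reason that contains a quote.

```php
<?php
// Added example, not MediaWiki code. Minimal stand-ins for IDatabase and
// CommentStore; they only build SQL strings for inspection, nothing is executed.

class FakeDatabase {
    // Quote a PHP value as a SQL literal (ints unquoted, strings escaped).
    public function addQuotes( $value ) {
        if ( $value === null ) {
            return 'NULL';
        }
        if ( is_int( $value ) ) {
            return (string)$value;
        }
        return "'" . str_replace( [ '\\', "'" ], [ '\\\\', "\\'" ], (string)$value ) . "'";
    }

    // insert(): values in $a are PHP values; quoting happens here.
    public function insert( $table, array $a ) {
        return "INSERT INTO $table (" . implode( ', ', array_keys( $a ) ) . ') VALUES ('
            . implode( ', ', array_map( [ $this, 'addQuotes' ], $a ) ) . ')';
    }

    // insertSelect(): values in $varMap are SQL fragments (column names or
    // expressions) spliced in verbatim, so literals must already be quoted.
    public function insertSelect( $destTable, $srcTable, array $varMap, array $conds ) {
        return "INSERT INTO $destTable (" . implode( ', ', array_keys( $varMap ) ) . ') SELECT '
            . implode( ', ', array_values( $varMap ) )
            . " FROM $srcTable WHERE " . implode( ' AND ', $conds );
    }
}

class FakeCommentStore {
    private $key;

    public function __construct( $key ) {
        $this->key = $key;
    }

    // insert(): takes the raw comment text and returns a field map that is
    // correct for IDatabase::insert()/update() (old-schema text column only).
    public function insert( FakeDatabase $db, $comment ) {
        return [ $this->key => $comment ];
    }
}

// Hypothetical reproduction of the call site: $quoteValues = false is the
// unsafe form, true is what the patch does with array_map + addQuotes.
function buildArchiveSql( FakeDatabase $dbw, FakeCommentStore $store, $reason, $quoteValues ) {
    $fields = [
        'fa_name' => 'img_name',
        'fa_timestamp' => 'img_timestamp',
    ];
    $commentFields = $store->insert( $dbw, $reason );
    if ( $quoteValues ) {
        $commentFields = array_map( [ $dbw, 'addQuotes' ], $commentFields );
    }
    $fields += $commentFields;
    return $dbw->insertSelect( 'filearchive', 'image', $fields,
        [ 'img_name = ' . $dbw->addQuotes( 'Example.png' ) ] );
}

$dbw = new FakeDatabase();
$store = new FakeCommentStore( 'fa_description' );
// Constructed sample reason: a legitimate apostrophe plus an injection attempt.
$reason = "O'Brien's request; ' OR 1=1 --";

echo "Raw comment spliced into the SELECT list (unsafe):\n";
echo buildArchiveSql( $dbw, $store, $reason, false ), "\n\n";
echo "Comment passed through addQuotes() first (what the patch does):\n";
echo buildArchiveSql( $dbw, $store, $reason, true ), "\n";
```

The first output places the reason bare between the column names, so the apostrophe terminates nothing and the trailing `--` comments out the WHERE clause; the second carries a properly escaped literal. The same field map fed to `insert()` needs no addQuotes() at all, which is exactly the asymmetry the commit message warns about.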
