jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/391730 )
Change subject: SECURITY: Escape internal error message
......................................................................
SECURITY: Escape internal error message
This message contains the request URL, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.
Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
(cherry picked from commit fea3bbcdae4f052f769ab466df6e1f5d47d1383c)
---
M includes/exception/MWException.php
M includes/exception/MWExceptionRenderer.php
2 files changed, 18 insertions(+), 15 deletions(-)
Approvals:
Chad: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/exception/MWException.php
b/includes/exception/MWException.php
index c633431..6d95919 100644
--- a/includes/exception/MWException.php
+++ b/includes/exception/MWException.php
@@ -103,13 +103,15 @@
$logId = WebRequest::getRequestId();
$type = static::class;
return Html::errorBox(
- '[' . $logId . '] ' .
- gmdate( 'Y-m-d H:i:s' ) . ": " .
- $this->msg( "internalerror-fatal-exception",
- "Fatal exception of type $1",
- $type,
- $logId,
- MWExceptionHandler::getURL( $this )
+ htmlspecialchars(
+ '[' . $logId . '] ' .
+ gmdate( 'Y-m-d H:i:s' ) . ": " .
+ $this->msg( "internalerror-fatal-exception",
+ "Fatal exception of type $1",
+ $type,
+ $logId,
+ MWExceptionHandler::getURL( $this )
+ )
) ) .
"<!-- Set \$wgShowExceptionDetails = true; " .
"at the bottom of LocalSettings.php to show detailed " .
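Review bot: wrapping the whole concatenated string in `htmlspecialchars(` (from `+ htmlspecialchars(` through the matching `+ )`) is the right place for the escape, because Html::errorBox() takes its argument as raw HTML and the only request-controlled part, the URL from `MWExceptionHandler::getURL( $this )`, is deep inside the message; one consequence worth a comment above the call is that any markup in the localized internalerror-fatal-exception message text is now rendered literally too, so that message has to stay plain text, and a one-line comment noting that the URL is why the entire string is escaped would keep a later refactor from dropping the wrapper. The trailing `"<!-- Set \$wgShowExceptionDetails = true; "` comment is emitted outside the escaped region and is unaffected, which is correct since it contains no request data.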
diff --git a/includes/exception/MWExceptionRenderer.php
b/includes/exception/MWExceptionRenderer.php
index bb5e4f4..dbb984d 100644
--- a/includes/exception/MWExceptionRenderer.php
+++ b/includes/exception/MWExceptionRenderer.php
@@ -169,14 +169,15 @@
} else {
$logId = WebRequest::getRequestId();
$html = "<div class=\"errorbox mw-content-ltr\">" .
- '[' . $logId . '] ' .
- gmdate( 'Y-m-d H:i:s' ) . ": " .
- self::msg( "internalerror-fatal-exception",
- "Fatal exception of type $1",
- get_class( $e ),
- $logId,
- MWExceptionHandler::getURL()
- ) . "</div>\n" .
+ htmlspecialchars(
+ '[' . $logId . '] ' .
+ gmdate( 'Y-m-d H:i:s' ) . ": " .
+ self::msg(
"internalerror-fatal-exception",
+ "Fatal exception of type $1",
+ get_class( $e ),
+ $logId,
+ MWExceptionHandler::getURL()
+ ) ) . "</div>\n" .
"<!-- " . wordwrap(
self::getShowBacktraceError( $e ), 50 ) . " -->";
}
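Review bot: the line `"internalerror-fatal-exception",` between `+ self::msg(` and `+ "Fatal exception of type $1",` carries no `+` marker, so the hunk reads as if that string were unchanged context even though the removed block had it on the same line as `- self::msg( "internalerror-fatal-exception",`; the old-side count in `@@ -169,14 +169,15 @@` (3 context + 8 removed + 3 context) only works out if that line is a new line, so this looks like a marker lost in the posted diff rather than in the commit, but anyone applying this patch by hand should check it. Otherwise the change mirrors the MWException.php one, with `htmlspecialchars(` covering the `$logId`, date and message through `) ) . "</div>\n"`; the backtrace comment appended afterwards is outside the escaped region, as before, and `MWExceptionHandler::getURL()` is called without an argument here as in the removed lines, so the renderer's calling convention is unchanged.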
--
To view, visit https://gerrit.wikimedia.org/r/391730
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.31.0-wmf.8
Gerrit-Owner: Chad <[email protected]>
Gerrit-Reviewer: Brian Wolff <[email protected]>
Gerrit-Reviewer: Chad <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits