CSteipp has submitted this change and it was merged.
Change subject: Sanitize $limitReport before outputting
......................................................................
Sanitize $limitReport before outputting
Prevents possible injection of "-->" and other HTML by extensions using
the ParserLimitReport hook.
bug: 46084
Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
---
M includes/parser/Parser.php
1 file changed, 5 insertions(+), 0 deletions(-)
Approvals:
CSteipp: Verified; Looks good to me, approved
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 0247d3e..3ada925 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -501,6 +501,11 @@
"Highest expansion depth:
{$this->mHighestExpansionDepth}/{$this->mOptions->getMaxPPExpandDepth()}\n" .
$PFreport;
wfRunHooks( 'ParserLimitReport', array( $this,
&$limitReport ) );
+
+ // Sanitize for comment. Note '‐' in the replacement is
U+2010,
+ // which looks much like the problematic '-'.
+ $limitReport = str_replace( array( '-', '&' ), array(
'‐', '&' ), $limitReport );
+
$text .= "\n<!-- \n$limitReport-->\n";
if ( $this->mGeneratedPPNodeCount >
$this->mOptions->getMaxGeneratedPPNodeCount() / 10 ) {
--
To view, visit https://gerrit.wikimedia.org/r/59197
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
