Alex Monk has submitted this change and it was merged.
Change subject: Sanitize $limitReport before outputting
......................................................................
Sanitize $limitReport before outputting
Prevents possible injection of "-->" and other HTML by extensions using
the ParserLimitReport hook.
bug: 46084
Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
---
M includes/parser/Parser.php
1 file changed, 5 insertions(+), 0 deletions(-)
Approvals:
Alex Monk: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index d4f167c..8bdfa0e 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -460,6 +460,11 @@
"Template argument size:
{$this->mIncludeSizes['arg']}/$max bytes\n".
$PFreport;
wfRunHooks( 'ParserLimitReport', array( $this,
&$limitReport ) );
+
+ // Sanitize for comment. Note '‐' in the replacement is
U+2010,
+ // which looks much like the problematic '-'.
+ $limitReport = str_replace( array( '-', '&' ), array(
'‐', '&' ), $limitReport );
+
$text .= "\n<!-- \n$limitReport-->\n";
}
$this->mOutput->setText( $text );
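Review bot: The second replacement pair in the new str_replace() call reads '&' mapped to '&' on the visible lines, which is a no-op; if ampersands are meant to be neutralised the way the first pair neutralises '-', the replacement should be the entity `&amp;`, so please confirm the committed source contains that and not a rendered copy. Replacing every '-' with U+2010 does close the `-->` break-out, since no hyphen-minus can survive into the comment, but the comment should also mention that the reported text itself changes (a reader copying the limit report gets a different code point), and a parser test that feeds a ParserLimitReport hook value containing `-->` through this path and asserts the comment stays closed would pin the guarantee on this REL1_19 branch.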
--
To view, visit https://gerrit.wikimedia.org/r/59345
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Daniel Friesen <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits