CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/59355
Change subject: Sanitize $limitReport before outputting
......................................................................
Sanitize $limitReport before outputting
Prevents possible injection of "-->" and other HTML by extensions using
the ParserLimitReport hook.
bug: 46084
Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
---
M includes/parser/Parser.php
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/55/59355/1
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 0247d3e..3ada925 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -501,6 +501,11 @@
"Highest expansion depth:
{$this->mHighestExpansionDepth}/{$this->mOptions->getMaxPPExpandDepth()}\n" .
$PFreport;
wfRunHooks( 'ParserLimitReport', array( $this,
&$limitReport ) );
+
+ // Sanitize for comment. Note '‐' in the replacement is
U+2010,
+ // which looks much like the problematic '-'.
+ $limitReport = str_replace( array( '-', '&' ), array(
'‐', '&' ), $limitReport );
+
$text .= "\n<!-- \n$limitReport-->\n";
if ( $this->mGeneratedPPNodeCount >
$this->mOptions->getMaxGeneratedPPNodeCount() / 10 ) {
--
To view, visit https://gerrit.wikimedia.org/r/59355
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id97b6668da6df3e5e4c0acefffa00c82cac3c44a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.22wmf2
Gerrit-Owner: CSteipp <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
