Daniel Friesen has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/67603


Change subject: (bug 49232) Always quote attribute values ending in a backslash.
......................................................................

(bug 49232) Always quote attribute values ending in a backslash.

Our edit token ends in a backslash as protection against badly written
anonymizing PHP proxies. These proxies pass everything through stripslashes,
turning \" into " and corrupting pages that are edited by a user using them.

When `$wgWellFormedXml = false;` is set, the value changes to value=+\
which breaks this feature, as the " is no longer present to trip up these
proxies.

Change-Id: Ia47e89b374d04ecc6a97bcd7a4dffcd226d19b7d
---
M includes/Html.php
M tests/phpunit/includes/HtmlTest.php
2 files changed, 14 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/03/67603/1

diff --git a/includes/Html.php b/includes/Html.php
index a8432f8..28b381a 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -506,6 +506,9 @@
                        // marks omitted, but not all.  (Although a literal " 
is not
                        // permitted, we don't check for that, since it will be 
escaped
                        // anyway.)
+                       // As a special case if the string ends with a 
backslash we always
+                       // quote the string to ensure our edittoken's 
protection against
+                       // baddly written PHP proxies is not broken.
                        #
                        // See also research done on further characters that 
need to be
                        // escaped: 
http://code.google.com/p/html5lib/issues/detail?id=93
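Review bot: The added comment misspells "badly" as "baddly" in its last line, and it does not say why a trailing backslash needs the quote: the protection depends on the output containing \" so that a proxy running stripslashes visibly mangles the token. Suggest fixing the spelling and adding that clause, so a later reader does not drop the special case as redundant.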
@@ -513,7 +516,7 @@
                                . 
"\x{2002}\x{2003}\x{2004}\x{2005}\x{2006}\x{2007}\x{2008}\x{2009}"
                                . 
"\x{200A}\x{2028}\x{2029}\x{202F}\x{205F}\x{3000}";
                        if ( $wgWellFormedXml || $value === ''
-                       || preg_match( "![$badChars]!u", $value ) ) {
+                       || preg_match( "![$badChars]|\\\\$!u", $value ) ) {
                                $quote = '"';
                        } else {
                                $quote = '';
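Review bot: In the new pattern `"![$badChars]|\\\\$!u"` the end anchor is a bare `$` inside a double-quoted PHP string. It stays literal only because the following `!` cannot start a variable name, and in PCRE a `$` without the `D` modifier also matches just before a trailing newline. Suggest `\z` (or adding `D`) for an exact end-of-string test, and building the backslash alternative from a single-quoted piece so the escaping is easier to audit. The condition also applies to every attribute value that ends in a backslash, not only the edit token; that looks harmless, but the comment above should say so.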
diff --git a/tests/phpunit/includes/HtmlTest.php 
b/tests/phpunit/includes/HtmlTest.php
index ecfe418..e5fda4b 100644
--- a/tests/phpunit/includes/HtmlTest.php
+++ b/tests/phpunit/includes/HtmlTest.php
@@ -628,4 +628,14 @@
                        'Allow special case "step=any".'
                );
        }
+
+       /**
+        * Test to make sure that the \" pattern we use in edittokens
+        * (or preferably in the future in a dedicated param)
+        * is preserved by Html even when $wgWellFormedXml = false.
+        */
+       public function testBackslashQuote() {
+               $this->assertRegExp( '/\\"/', Html::hidden( "wpEditToken", 
"+\\" ) );
+       }
+
 }
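Review bot: The assertion pattern in testBackslashQuote() is weaker than its docblock claims: the single-quoted `'/\\"/'` reaches PCRE as `/\"/`, which matches a lone `"` anywhere in the output, so the test would still pass if the value were quoted but the backslash were lost, or if some other attribute were quoted. Suggest `'/\\\\"/'` so the regex requires a backslash immediately followed by the quote. The test body also does not set `$wgWellFormedXml` to false itself; unless the class setup already forces that, it should be set here, since with the default the value is always quoted and the new branch is never exercised.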

-- 
To view, visit https://gerrit.wikimedia.org/r/67603
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia47e89b374d04ecc6a97bcd7a4dffcd226d19b7d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Daniel Friesen <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits