http://www.mediawiki.org/wiki/Special:Code/MediaWiki/82925
Revision: 82925
Author: tstarling
Date: 2011-02-28 02:35:57 +0000 (Mon, 28 Feb 2011)
Log Message:
-----------
Revert r81576: The fact that there are two checks, one close to the inclusion
and one exposed to the user, was a deliberate security measure. Only the fact
that they are the same was intended to be temporary.
Modified Paths:
--------------
trunk/phase3/languages/Language.php
Modified: trunk/phase3/languages/Language.php
===================================================================
--- trunk/phase3/languages/Language.php 2011-02-28 02:26:47 UTC (rev 82924)
+++ trunk/phase3/languages/Language.php 2011-02-28 02:35:57 UTC (rev 82925)
@@ -156,7 +156,9 @@
static $recursionLevel = 0;
// Protect against path traversal below
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
throw new MWException( "Invalid language code
\"$code\"" );
}
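Review bot: The comment above the restored condition still reads only "Protect against path traversal below", so nothing at the site records that the `strcspn( $code, "/\\\000" )` test is intentionally redundant with `Language::isValidCode()`. According to the log message, r81576 removed it as apparent duplication, and the same cleanup is likely to be repeated unless the intent is written down. I would add something like `// Defence in depth: keep this separator/NUL test next to the inclusion, independent of isValidCode(); do not merge the two` here and at the identical check in the getFileName hunk. The enclosing function starts and ends outside this hunk.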
@@ -2856,7 +2858,9 @@
*/
static function getFileName( $prefix = 'Language', $code, $suffix =
'.php' ) {
// Protect against path traversal
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
throw new MWException( "Invalid language code
\"$code\"" );
}
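Review bot: The added separator/NUL test in getFileName covers only `$code`, while `$prefix` and `$suffix` are also parameters and presumably end up in the same file name. The function body continues outside the hunk, so this is inferred from the signature. If any caller passes a non-constant prefix or suffix, the check closest to the inclusion would never see it. Either document the assumption, e.g. `// $prefix and $suffix must be hard-coded by the caller; only $code is validated here`, or apply the same `strcspn` test to those two arguments.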