[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/201226
Change subject: SECURITY: Sanitize the content of Lua backtraces
..
SECURITY: Sanitize the content of Lua backtraces
Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto
refs/changes/26/201226/1
diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index f8a6e2e..9f77234 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -936,25 +936,27 @@
}
if ( strval( $info['namewhat'] ) !== '' ) {
- $function = wfMessage(
'scribunto-lua-in-function', $info['name'] );
+ $function = wfMessage(
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main'
);
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} else {
// C function, tail call, or a Lua function
where Lua can't
// guess the name
$function = '?';
}
- $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+ $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line' )
+ -rawParams( strong$src/strong )
+ -params( $function );
in_array( 'content', $msgOptions ) ?
- $backtraceLine =
$backtraceLine-inContentLanguage()-text() :
- $backtraceLine = $backtraceLine-text();
+ $backtraceLine =
$backtraceLine-inContentLanguage()-parse() :
+ $backtraceLine = $backtraceLine-parse();
$s .= li\n\t . $backtraceLine . \n/li\n;
}
--
To view, visit https://gerrit.wikimedia.org/r/201226
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
jenkins-bot has submitted this change and it was merged.
Change subject: SECURITY: Sanitize the content of Lua backtraces
..
SECURITY: Sanitize the content of Lua backtraces
Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)
Approvals:
CSteipp: Looks good to me, approved
jenkins-bot: Verified
diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index f8a6e2e..9f77234 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -936,25 +936,27 @@
}
if ( strval( $info['namewhat'] ) !== '' ) {
- $function = wfMessage(
'scribunto-lua-in-function', $info['name'] );
+ $function = wfMessage(
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main'
);
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} else {
// C function, tail call, or a Lua function
where Lua can't
// guess the name
$function = '?';
}
- $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+ $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line' )
+ -rawParams( strong$src/strong )
+ -params( $function );
in_array( 'content', $msgOptions ) ?
- $backtraceLine =
$backtraceLine-inContentLanguage()-text() :
- $backtraceLine = $backtraceLine-text();
+ $backtraceLine =
$backtraceLine-inContentLanguage()-parse() :
+ $backtraceLine = $backtraceLine-parse();
$s .= li\n\t . $backtraceLine . \n/li\n;
}
--
To view, visit https://gerrit.wikimedia.org/r/201226
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/201056
Change subject: SECURITY: Sanitize the content of Lua backtraces
..
SECURITY: Sanitize the content of Lua backtraces
Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto
refs/changes/56/201056/1
diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index 7e9e387..69cf0ae 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -735,25 +735,27 @@
}
if ( strval( $info['namewhat'] ) !== '' ) {
- $function = wfMessage(
'scribunto-lua-in-function', $info['name'] );
+ $function = wfMessage(
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main'
);
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} else {
// C function, tail call, or a Lua function
where Lua can't
// guess the name
$function = '?';
}
- $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+ $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line' )
+ -rawParams( strong$src/strong )
+ -params( $function );
in_array( 'content', $msgOptions ) ?
- $backtraceLine =
$backtraceLine-inContentLanguage()-text() :
- $backtraceLine = $backtraceLine-text();
+ $backtraceLine =
$backtraceLine-inContentLanguage()-parse() :
+ $backtraceLine = $backtraceLine-parse();
$s .= li\n\t . $backtraceLine . \n/li\n;
}
--
To view, visit https://gerrit.wikimedia.org/r/201056
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: REL1_23
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has submitted this change and it was merged.
Change subject: SECURITY: Sanitize the content of Lua backtraces
..
SECURITY: Sanitize the content of Lua backtraces
Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)
Approvals:
CSteipp: Verified; Looks good to me, approved
diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index 7e9e387..69cf0ae 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -735,25 +735,27 @@
}
if ( strval( $info['namewhat'] ) !== '' ) {
- $function = wfMessage(
'scribunto-lua-in-function', $info['name'] );
+ $function = wfMessage(
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main'
);
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} else {
// C function, tail call, or a Lua function
where Lua can't
// guess the name
$function = '?';
}
- $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+ $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line' )
+ -rawParams( strong$src/strong )
+ -params( $function );
in_array( 'content', $msgOptions ) ?
- $backtraceLine =
$backtraceLine-inContentLanguage()-text() :
- $backtraceLine = $backtraceLine-text();
+ $backtraceLine =
$backtraceLine-inContentLanguage()-parse() :
+ $backtraceLine = $backtraceLine-parse();
$s .= li\n\t . $backtraceLine . \n/li\n;
}
--
To view, visit https://gerrit.wikimedia.org/r/201056
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: REL1_23
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has submitted this change and it was merged.
Change subject: SECURITY: Sanitize the content of Lua backtraces
..
SECURITY: Sanitize the content of Lua backtraces
Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)
Approvals:
CSteipp: Verified; Looks good to me, approved
diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index cd55585..bd105af 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -847,25 +847,27 @@
}
if ( strval( $info['namewhat'] ) !== '' ) {
- $function = wfMessage(
'scribunto-lua-in-function', $info['name'] );
+ $function = wfMessage(
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main'
);
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} else {
// C function, tail call, or a Lua function
where Lua can't
// guess the name
$function = '?';
}
- $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+ $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line' )
+ -rawParams( strong$src/strong )
+ -params( $function );
in_array( 'content', $msgOptions ) ?
- $backtraceLine =
$backtraceLine-inContentLanguage()-text() :
- $backtraceLine = $backtraceLine-text();
+ $backtraceLine =
$backtraceLine-inContentLanguage()-parse() :
+ $backtraceLine = $backtraceLine-parse();
$s .= li\n\t . $backtraceLine . \n/li\n;
}
--
To view, visit https://gerrit.wikimedia.org/r/201055
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: REL1_24
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/201055
Change subject: SECURITY: Sanitize the content of Lua backtraces
..
SECURITY: Sanitize the content of Lua backtraces
Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto
refs/changes/55/201055/1
diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index cd55585..bd105af 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -847,25 +847,27 @@
}
if ( strval( $info['namewhat'] ) !== '' ) {
- $function = wfMessage(
'scribunto-lua-in-function', $info['name'] );
+ $function = wfMessage(
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main'
);
in_array( 'content', $msgOptions ) ?
- $function =
$function-inContentLanguage()-text() :
- $function = $function-text();
+ $function =
$function-inContentLanguage()-plain() :
+ $function = $function-plain();
} else {
// C function, tail call, or a Lua function
where Lua can't
// guess the name
$function = '?';
}
- $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+ $backtraceLine = wfMessage(
'scribunto-lua-backtrace-line' )
+ -rawParams( strong$src/strong )
+ -params( $function );
in_array( 'content', $msgOptions ) ?
- $backtraceLine =
$backtraceLine-inContentLanguage()-text() :
- $backtraceLine = $backtraceLine-text();
+ $backtraceLine =
$backtraceLine-inContentLanguage()-parse() :
+ $backtraceLine = $backtraceLine-parse();
$s .= li\n\t . $backtraceLine . \n/li\n;
}
--
To view, visit https://gerrit.wikimedia.org/r/201055
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: REL1_24
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
