[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201226 Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto refs/changes/26/201226/1 diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index f8a6e2e..9f77234 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -936,25 +936,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201226 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
jenkins-bot has submitted this change and it was merged. Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) Approvals: CSteipp: Looks good to me, approved jenkins-bot: Verified diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index f8a6e2e..9f77234 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -936,25 +936,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201226 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201056 Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto refs/changes/56/201056/1 diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index 7e9e387..69cf0ae 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -735,25 +735,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201056 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: REL1_23 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has submitted this change and it was merged. Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) Approvals: CSteipp: Verified; Looks good to me, approved diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index 7e9e387..69cf0ae 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -735,25 +735,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201056 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: REL1_23 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has submitted this change and it was merged. Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) Approvals: CSteipp: Verified; Looks good to me, approved diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index cd55585..bd105af 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -847,25 +847,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201055 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: REL1_24 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201055 Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto refs/changes/55/201055/1 diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index cd55585..bd105af 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -847,25 +847,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201055 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: REL1_24 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits