r11946 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r11945‎ \| r11946 \| r11947 >
Date:	10:53, 4 December 2005
Author:	vibber
Status:	old
Tags:
Comment:	* (bug 4165) Correct validation for user language selection (data taint)
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/Setup.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Setup.php
—	—	@@ -217,7 +217,7 @@
218	218	if ($wgLanguageCode == '')
219	219	$wgLanguageCode = $wgUser->getOption('language');
220	220	# Validate $wgLanguageCode, which will soon be sent to an eval()
221		~~-if( empty( $wgLanguageCode ) \|\| preg_match( '/^[^a-z-]*$/', $wgLanguageCode ) ) {~~
	221	+if( empty( $wgLanguageCode ) \|\| !preg_match( '/^[a-z]+(-[a-z]+)?$/', $wgLanguageCode ) ) {
222	222	$wgLanguageCode = $wgContLanguageCode;
223	223	}
224	224
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -291,6 +291,7 @@
292	292	patch by David Benbennick
293	293	* (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to
294	294	be rerendered on demand, sitewide
	295	+* (bug 4165) Correct validation for user language selection (data taint)
295	296
296	297
297	298	=== Caveats ===

Follow-up revisions

Revision	Commit summary	Author	Date
r11947	* (bug 4165) Correct validation for user language selection (data taint)	vibber	11:09, 4 December 2005
r11948	* (bug 4165) Correct validation for user language selection (data taint)	vibber	11:14, 4 December 2005

Status & tagging log

01:58, 13 October 2010 😂 (talk | contribs) changed the status of r11946 [removed: new added: old]