r13302 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r13301‎ \| r13302 \| r13303 >
Date:	16:43, 24 March 2006
Author:	gabrielwicke
Status:	old
Tags:
Comment:	Fix JS injection vulnerability and test case
Modified paths:	/trunk/phase3/includes/Parser.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Parser.php
—	—	@@ -1416,7 +1416,9 @@
1417	1417	$m[3] = $n[1];
1418	1418	}
1419	1419	# fix up urlencoded title texts
1420		~~- if(preg_match('/%/', $m[1] )) $m[1] = urldecode($m[1]);~~
	1420	+ if(preg_match('/%/', $m[1] ))
	1421	+ # Should anchors '#' also be rejected?
	1422	+ $m[1] = str_replace( array('<', '>'), array('<', '>'), urldecode($m[1]) );
1421	1423	$trail = $m[3];
1422	1424	} elseif( preg_match($e1_img, $line, $m) ) { # Invalid, but might be an image with a link in its caption
1423	1425	$might_be_img = true;

01:58, 13 October 2010 😂 (talk | contribs) changed the status of r13302 [removed: new added: old]