r14587 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r14586‎ \| r14587 \| r14588 >
Date:	08:07, 6 June 2006
Author:	brion
Status:	old
Tags:
Comment:	Another security backport from HEAD, forgotten... * Increase robustness of parser placeholders; fixes some glitches when adjacent to identifier-ish constructs such as URLs.
Modified paths:	/branches/REL1_6/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_6/phase3/includes/Parser.php (modified) (history) /branches/REL1_6/phase3/maintenance/parserTests.txt (modified) (history)

Diff [purge]

Index: branches/REL1_6/phase3/maintenance/parserTests.txt
—	—	@@ -1282,7 +1282,7 @@
1283	1283	!! input
1284	1284	[[Main<nowiki> Page</nowiki>]] [[Main Page\|the main page <nowiki>[it's not very good]</nowiki>]]
1285	1285	!! result
1286		~~-<p><a href="https://www.mediawiki.org/wiki/Main_Page" title="Main Page">Main Page</a> <a href="https://www.mediawiki.org/wiki/Main_Page" title="Main Page">the main page [it's not very good]</a>~~
	1286	+<p>[[Main Page]] <a href="https://www.mediawiki.org/wiki/Main_Page" title="Main Page">the main page [it's not very good]</a>
1287	1287	</p>
1288	1288	!! end
1289	1289
—	—	@@ -4097,6 +4097,36 @@
4098	4098
4099	4099	!! end
4100	4100
	4101	+!!test
	4102	+Fuzz testing: URL adjacent extension (with space, clean)
	4103	+!! options
	4104	+!! input
	4105	+http://example.com <nowiki>junk</nowiki>
	4106	+!! result
	4107	+<p><a href="http://example.com" class='external free' title="http://example.com" rel="nofollow">http://example.com</a> junk
	4108	+</p>
	4109	+!!end
	4110	+
	4111	+!!test
	4112	+Fuzz testing: URL adjacent extension (no space, dirty; nowiki)
	4113	+!! options
	4114	+!! input
	4115	+http://example.com<nowiki>junk</nowiki>
	4116	+!! result
	4117	+<p><a href="http://example.com" class='external free' title="http://example.com" rel="nofollow">http://example.com</a>junk
	4118	+</p>
	4119	+!!end
	4120	+
	4121	+!!test
	4122	+Fuzz testing: URL adjacent extension (no space, dirty; pre)
	4123	+!! options
	4124	+!! input
	4125	+http://example.com<pre>junk</pre>
	4126	+!! result
	4127	+<a href="http://example.com" class='external free' title="http://example.com" rel="nofollow">http://example.com</a><pre>junk</pre>
	4128	+
	4129	+!!end
	4130	+
4101	4131	#
4102	4132	#
4103	4133	#
Index: branches/REL1_6/phase3/includes/Parser.php
—	—	@@ -152,7 +152,15 @@
153	153	'titles' => array()
154	154	);
155	155	$this->mRevisionId = null;
156		~~- $this->mUniqPrefix = 'UNIQ' . Parser::getRandomString();~~
	156	+
	157	+ /**
	158	+ * Prefix for temporary replacement strings for the multipass parser.
	159	+ * \x07 should never appear in input as it's disallowed in XML.
	160	+ * Using it at the front also gives us a little extra robustness
	161	+ * since it shouldn't match when butted up against identifier-like
	162	+ * string constructs.
	163	+ */
	164	+ $this->mUniqPrefix = "\x07UNIQ" . Parser::getRandomString();
157	165
158	166	# Clear these on every parse, bug 4549
159	167	$this->mTemplates = array();
Index: branches/REL1_6/phase3/RELEASE-NOTES
—	—	@@ -27,7 +27,8 @@
28	28	* (bug 6017) Update bookstore list for German language (de)
29	29	* (bug 6138) Minor grammar tweak in "loginreqlink"
30	30	* (bug 5957) Update for Hebrew language (he)
31		~~-* Fix oddity with open tag parameters getting stuck on </li>~~
	31	+* Increase robustness of parser placeholders; fixes some glitches when
	32	+ adjacent to identifier-ish constructs such as URLs.
32	33	* (bug 5384) Fix <!-- comments --> in <ref> extension
33	34	* Nesting of different tag extensions and comments should now work more
34	35	consistently and more safely. A cleaner, one-pass tag strip lets the

Status & tagging log

01:58, 13 October 2010 😂 (talk | contribs) changed the status of r14587 [removed: new added: old]