r14919 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r14918‎ | r14919 | r14920 >
Date:03:56, 23 June 2006
Author:tstarling
Status:old
Tags:
Comment:
Added check for newlines in redirects as a paranoia guard against header injection in PHP<5.1.2. Removed OutputPage::addHeader(), has been non-functioning for as long as I can remember.
Modified paths:
  • /trunk/phase3/includes/OutputPage.php (modified) (history)

Diff

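--- a/trunk/phase3/includes/OutputPage.php
+++ b/trunk/phase3/includes/OutputPage.php
@@ -10,7 +10,7 @@
 * @package MediaWiki
 */
 class OutputPage {
- var $mHeaders, $mMetatags, $mKeywords;
+ var $mMetatags, $mKeywords;
 var $mLinktags, $mPagetitle, $mBodytext, $mDebugtext;
 var $mHTMLtitle, $mRobotpolicy, $mIsarticle, $mPrintable;
 var $mSubtitle, $mRedirect, $mStatusCode;
@@ -35,8 +35,7 @@
 * Initialise private variables
 */
 function OutputPage() {
- $this->mHeaders = $this->mMetatags =
- $this->mKeywords = $this->mLinktags = array();
+ $this->mMetatags = $this->mKeywords = $this->mLinktags = array();
 $this->mHTMLtitle = $this->mPagetitle = $this->mBodytext =
 $this->mRedirect = $this->mLastModified =
 $this->mSubtitle = $this->mDebugtext = $this->mRobotpolicy =
@@ -54,9 +53,13 @@
 $this->mRevisionId = null;
 $this->mNewSectionLink = false;
 }
+
+ function redirect( $url, $responsecode = '302' ) {
+ # Strip newlines as a paranoia check for header injection in PHP<5.1.2
+ $this->mRedirect = str_replace( "\n", '', $url );
+ $this->mRedirectCode = $responsecode;
+ }
 
- function addHeader( $name, $val ) { array_push( $this->mHeaders, $name.': '.$val ); }
- function redirect( $url, $responsecode = '302' ) { $this->mRedirect = $url; $this->mRedirectCode = $responsecode; }
 function setStatusCode( $statusCode ) { $this->mStatusCode = $statusCode; }
 
 # To add an http-equiv meta tag, precede the name with "http:"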
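Review bot: The guard added in `redirect()` strips only `"\n"`, so a URL containing a bare carriage return is still stored in `mRedirect` unchanged. Some clients and intermediaries treat a lone CR as a line terminator, which makes the check narrower than its comment implies. Stripping both characters closes the gap: `$this->mRedirect = str_replace( array( "\r", "\n" ), '', $url );`. The code that emits the Location header lies outside this diff, so whether the value is checked again at output time cannot be confirmed from here. A short doc comment on `redirect()` noting that `$url` may be caller-influenced and is sanitised at this point would also help keep the guard intact in later edits.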
