r37721 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r37720‎ \| r37721 \| r37722 >
Date:	21:45, 15 July 2008
Author:	brion
Status:	old
Tags:
Comment:	Reverting r37713 -- insufficient input validation is not a replacement for proper output escaping. ";alert(document.cookie);' is a perfectly valid title, but will still inject executable JavaScript into the output.
Modified paths:	/trunk/extensions/redircite/redircite.php (modified) (history)

Diff [purge]

Index: trunk/extensions/redircite/redircite.php
—	—	@@ -1,5 +1,7 @@
2	2	<?php
3	3
	4	+die("redircite extension disabled -- contains HTML injection vulnerabilities.");
	5	+
4	6	/**
5	7	* This program is free software; you can redistribute it and/or modify
6	8	* it under the terms of the GNU General Public License as published by
—	—	@@ -48,15 +50,11 @@
49	51	// which will be translated to the HTML stored in $redirciteMarkerList by
50	52	// redircite_afterTidy()
51	53	global $redirciteMarkerList;
52		~~- # Verify that $input is a valid title~~
53		~~- $inputTitle = Title::newFromText($input);~~
54		~~- if(!$inputTitle)~~
55		~~- return $input;~~
56	54	$lparse = clone $parser;
57	55	$link1 = $lparse->parse("[[$input]]", $parser->mTitle, $parser->mOptions, false, false);
58	56	$link1text = $link1->getText();
59	57	$title1 = Title::newFromText($input);
60		~~- if(!$title1->exists()) // Page doesn't exist~~
	58	+ if(!$title1) // Page doesn't exist
61	59	// Just output a normal (red) link
62	60	return $link1text;
63	61	$articleObj = new Article($title1);

Revision	Commit summary	Author	Date
r37713	Redircite: Validating $input. This should fix the HTML injection issue.	catrope	21:01, 15 July 2008

15:29, 12 September 2011 Meno25 (talk | contribs) changed the status of r37721 [removed: ok added: old]