r49586 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r49585‎ \| r49586 \| r49587 >
Date:	23:42, 16 April 2009
Author:	siebrand
Status:	reverted (Comments)
Tags:
Comment:	(bug 17949) Add support to chose language and colorscheme to SyntaxHighlight_vim. Patch contributed by Ben Roberts.
Modified paths:	/trunk/extensions/SyntaxHighlight_vim/Syntax.php (modified) (history) /trunk/extensions/SyntaxHighlight_vim/SyntaxHook.php (modified) (history) /trunk/extensions/SyntaxHighlight_vim/vimrc.vim (modified) (history)

Diff [purge]

Index: trunk/extensions/SyntaxHighlight_vim/vimrc.vim
—	—	@@ -4,6 +4,6 @@
5	5
6	6	set uc=0 " Disable swap files
7	7
8		~~-set background=dark~~
	8	+set background=light
9	9
10	10	colorscheme pablo
Index: trunk/extensions/SyntaxHighlight_vim/Syntax.php
—	—	@@ -19,9 +19,10 @@
20	20	function wfSyntax() {
21	21	wfUsePHP( 5.1 );
22	22	wfUseMW( '1.6alpha' );
23		-
	23	+
24	24	class Syntax {
25	25	private $mIn;
	26	+ private $mInFormat, $mColorscheme;
26	27	private $mInFile, $mOutFile;
27	28	private $mVimrc;
28	29
—	—	@@ -29,11 +30,13 @@
30	31	$this->mVimrc = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'vimrc.vim';
31	32
32	33	$this->mIn = $in;
	34	+ $this->mInFormat = $format;
	35	+ $this->mColorscheme = $colorscheme;
33	36	}
34	37
35	38	public function getOut() {
36	39	$this->genTemp();
37		-
	40	+
38	41	if ( ! $handle = fopen( $this->mInFile, 'a' ) )
39	42	die( 'AAAAAAA' );
40	43	if ( fwrite( $handle, $this->mIn ) === false )
—	—	@@ -45,7 +48,7 @@
46	49	$html = preg_replace( '~</p>\s</body>.?$~s', '</style>', $html );
47	50
48	51	$this->rmTemp();
49		-
	52	+
50	53	return $html;
51	54	}
52	55
—	—	@@ -53,19 +56,22 @@
54	57	$this->mInFile = $this->mktemp();
55	58	$this->mOutFile = $this->mktemp();
56	59	}
57		-
	60	+
58	61	private static function mktemp() {
59	62	return rtrim( shell_exec( 'mktemp -u' ), "\n" );
60	63	}
61		-
	64	+
62	65	private function rmTemp() {
63	66	unlink( $this->mInFile );
64	67	unlink( $this->mOutFile );
65	68	}
66	69
67	70	private function run() {
68		~~- shell_exec( "vim -u {$this->mVimrc} -e +'run! syntax/2html.vim' +':w {$this->mOutFile}' +':qa!' {$this->mInFile}" );~~
69		-
	71	+ $commands = '';
	72	+ if( $this->mInFormat ) { $commands .= "+'set filetype={$this->mInFormat}' "; }
	73	+ if( $this->mColorscheme ) { $commands .= "+'colorscheme {$this->mColorscheme}' "; }
	74	+ shell_exec( "vim -u {$this->mVimrc} -e {$commands} +'run! syntax/2html.vim' +':w {$this->mOutFile}' +':qa!' {$this->mInFile}" );
	75	+
70	76	return file_get_contents( $this->mOutFile );
71	77	}
72	78	}
Index: trunk/extensions/SyntaxHighlight_vim/SyntaxHook.php
—	—	@@ -33,8 +33,13 @@
34	34
35	35	public function hook( $in, array $argv ) {
36	36	$in = ltrim( $in, "\n" );
37		~~- $syntax = new Syntax( $in );~~
38	37
	38	+ $format = $colorscheme = null;
	39	+ if( isset( $argv['lang'] ) ) { $format = $argv['lang']; }
	40	+ if( isset( $argv['colorscheme'] ) ) { $colorscheme = $argv['colorscheme']; }
	41	+
	42	+ $syntax = new Syntax( $in, $format, $colorscheme );
	43	+
39	44	return $syntax->getOut();
40	45	}
41	46	}

Follow-up revisions

Revision	Commit summary	Author	Date
r51425	Reverted r49586, shell injection vulnerability noted on CodeReview.	tstarling	17:13, 3 June 2009

Comments

#Comment by Brion VIBBER (talk | contribs) 23:48, 28 April 2009

I don't see any validation on input here; looks like a shell injection vulnerability.

Status & tagging log

17:16, 3 June 2009 Tim Starling (talk | contribs) changed the status of r49586 [removed: fixme added: reverted]
23:48, 28 April 2009 Brion VIBBER (talk | contribs) changed the status of r49586 [removed: new added: fixme]