r50477 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r50476‎ \| r50477 \| r50478 >
Date:	12:31, 11 May 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	* Fix register_globals inclusion vulnerability * Fix register_globals configuration variable injection * Defer Parser::setFunctionHook until ParserFirstCallInit
Modified paths:	/trunk/extensions/Widgets/Widgets.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Widgets/Widgets.php
—	—	@@ -7,6 +7,11 @@
8	8	* @version $Id: Widgets.php 15 2008-06-25 21:22:40Z sergey.chernyshev $
9	9	*/
10	10
	11	+if ( !defined( 'MEDIAWIKI' ) ) {
	12	+ echo "This file is not a valid entry point.";
	13	+ exit( 1 );
	14	+}
	15	+
11	16	$wgExtensionCredits['parserhook'][] = array(
12	17	'path' => __FILE__,
13	18	'name' => 'Widgets',
—	—	@@ -16,21 +21,24 @@
17	22	'url' => 'http://www.mediawiki.org/wiki/Extension:Widgets'
18	23	);
19	24
	25	+/**
	26	+ * Set this to the index of the Widget namespace
	27	+ */
	28	+$widgetNamespaceIndex = 274;
	29	+
	30	+
20	31	// Initialize Smarty
21	32
22		~~-require "$IP/extensions/Widgets/smarty/Smarty.class.php";~~
	33	+require dirname(__FILE__)."/smarty/Smarty.class.php";
23	34
24	35	// Parser function registration
25		~~-$wgExtensionFunctions[] = 'widgetParserFunctions';~~
	36	+$wgExtensionFunctions[] = 'widgetNamespacesInit';
26	37	$wgHooks['LanguageGetMagic'][] = 'widgetLanguageGetMagic';
	38	+$wgHooks['ParserFirstCallInit'][] = 'widgetParserFunctions';
27	39
28		~~-// Init Widget namespaces~~
29		~~-widgetNamespacesInit();~~
30		-
31		~~-function widgetParserFunctions()~~
	40	+function widgetParserFunctions( &$parser )
32	41	{
33		~~- global $wgParser;~~
34		~~- $wgParser->setFunctionHook('widget', 'renderWidget');~~
	42	+ $parser->setFunctionHook('widget', 'renderWidget');
35	43	}
36	44
37	45	function widgetLanguageGetMagic( &$magicWords, $langCode = "en" )
—	—	@@ -166,10 +174,6 @@
167	175	global $widgetNamespaceIndex, $wgExtraNamespaces, $wgNamespacesWithSubpages,
168	176	$wgGroupPermissions, $wgNamespaceProtection;
169	177
170		~~- if (!isset($widgetNamespaceIndex)) {~~
171		~~- $widgetNamespaceIndex = 274;~~
172		~~- }~~
173		-
174	178	define('NS_WIDGET', $widgetNamespaceIndex);
175	179	define('NS_WIDGET_TALK', $widgetNamespaceIndex+1);
176	180

Follow-up revisions

Revision	Commit summary	Author	Date
r51681	Backported r50477, r50541, r50898, r50900, recent changes from trunk includin...	tstarling	05:42, 10 June 2009

Status & tagging log

07:09, 19 May 2009 Tim Starling (talk | contribs) changed the status of r50477 [removed: new added: deferred]
14:52, 11 May 2009 Brion VIBBER (talk | contribs) changed the status of r50477 [removed: new added: deferred]