r51425 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r51424‎ \| r51425 \| r51426 >
Date:	17:13, 3 June 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	Reverted r49586, shell injection vulnerability noted on CodeReview.
Modified paths:	/trunk/extensions/SyntaxHighlight_vim/Syntax.php (modified) (history) /trunk/extensions/SyntaxHighlight_vim/SyntaxHook.php (modified) (history) /trunk/extensions/SyntaxHighlight_vim/vimrc.vim (modified) (history)

Diff [purge]

Index: trunk/extensions/SyntaxHighlight_vim/vimrc.vim
—	—	@@ -4,6 +4,6 @@
5	5
6	6	set uc=0 " Disable swap files
7	7
8		~~-set background=light~~
	8	+set background=dark
9	9
10	10	colorscheme pablo
Index: trunk/extensions/SyntaxHighlight_vim/Syntax.php
—	—	@@ -19,10 +19,9 @@
20	20	function wfSyntax() {
21	21	wfUsePHP( 5.1 );
22	22	wfUseMW( '1.6alpha' );
23		-
	23	+
24	24	class Syntax {
25	25	private $mIn;
26		~~- private $mInFormat, $mColorscheme;~~
27	26	private $mInFile, $mOutFile;
28	27	private $mVimrc;
29	28
—	—	@@ -30,13 +29,11 @@
31	30	$this->mVimrc = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'vimrc.vim';
32	31
33	32	$this->mIn = $in;
34		~~- $this->mInFormat = $format;~~
35		~~- $this->mColorscheme = $colorscheme;~~
36	33	}
37	34
38	35	public function getOut() {
39	36	$this->genTemp();
40		-
	37	+
41	38	if ( ! $handle = fopen( $this->mInFile, 'a' ) )
42	39	die( 'AAAAAAA' );
43	40	if ( fwrite( $handle, $this->mIn ) === false )
—	—	@@ -48,7 +45,7 @@
49	46	$html = preg_replace( '~</p>\s</body>.?$~s', '</style>', $html );
50	47
51	48	$this->rmTemp();
52		-
	49	+
53	50	return $html;
54	51	}
55	52
—	—	@@ -56,22 +53,19 @@
57	54	$this->mInFile = $this->mktemp();
58	55	$this->mOutFile = $this->mktemp();
59	56	}
60		-
	57	+
61	58	private static function mktemp() {
62	59	return rtrim( shell_exec( 'mktemp -u' ), "\n" );
63	60	}
64		-
	61	+
65	62	private function rmTemp() {
66	63	unlink( $this->mInFile );
67	64	unlink( $this->mOutFile );
68	65	}
69	66
70	67	private function run() {
71		~~- $commands = '';~~
72		~~- if( $this->mInFormat ) { $commands .= "+'set filetype={$this->mInFormat}' "; }~~
73		~~- if( $this->mColorscheme ) { $commands .= "+'colorscheme {$this->mColorscheme}' "; }~~
74		~~- shell_exec( "vim -u {$this->mVimrc} -e {$commands} +'run! syntax/2html.vim' +':w {$this->mOutFile}' +':qa!' {$this->mInFile}" );~~
75		-
	68	+ shell_exec( "vim -u {$this->mVimrc} -e +'run! syntax/2html.vim' +':w {$this->mOutFile}' +':qa!' {$this->mInFile}" );
	69	+
76	70	return file_get_contents( $this->mOutFile );
77	71	}
78	72	}
Index: trunk/extensions/SyntaxHighlight_vim/SyntaxHook.php
—	—	@@ -33,13 +33,8 @@
34	34
35	35	public function hook( $in, array $argv ) {
36	36	$in = ltrim( $in, "\n" );
	37	+ $syntax = new Syntax( $in );
37	38
38		~~- $format = $colorscheme = null;~~
39		~~- if( isset( $argv['lang'] ) ) { $format = $argv['lang']; }~~
40		~~- if( isset( $argv['colorscheme'] ) ) { $colorscheme = $argv['colorscheme']; }~~
41		-
42		~~- $syntax = new Syntax( $in, $format, $colorscheme );~~
43		-
44	39	return $syntax->getOut();
45	40	}
46	41	}

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r49586	(bug 17949) Add support to chose language and colorscheme to SyntaxHighlight_...	siebrand	23:42, 16 April 2009

Status & tagging log

05:02, 15 June 2009 Tim Starling (talk | contribs) changed the status of r51425 [removed: new added: deferred]