r51788 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r51788
Date: 11:18, 12 June 2009
Author: thomasv
Status: ok
Comment:
the index page may contain several pagelists (follow-up to r51787)
Modified paths:
  • /trunk/extensions/ProofreadPage/ProofreadPage.php (modified)

Diff

Index: trunk/extensions/ProofreadPage/ProofreadPage.php
@@ -211,14 +211,18 @@
212212 $text = $rev->getText();
213213
214214 //check if it is using pagelist
215 - preg_match( "/<pagelist(.*?)\/>/is", $text, $m );
216 - if( $m ){
217 - preg_match_all( "/([0-9a-z]*?)\=(.*?)\s/", $m[1] . " ", $m2, PREG_PATTERN_ORDER );
 215+ preg_match_all( "/<pagelist(.*?)\/>/is", $text, $m, PREG_PATTERN_ORDER );
 216+ if( $m ) {
 217+
218218 $params = array();
 219+ for( $k = 0; $k < count( $m[1] ); $k++) {
 220+ preg_match_all( "/([0-9a-z]*?)\=(.*?)\s/", $m[1][$k] . " ", $m2, PREG_PATTERN_ORDER );
 221+ for( $i = 0; $i < count( $m2[1] ); $i++) {
 222+ $params[ $m2[1][$i] ] = $m2[2][$i];
 223+ }
 224+ }
219225 $links = null;
220 - for( $i = 0; $i < count( $m2[1] ); $i++) {
221 - $params[ $m2[1][$i] ] = $m2[2][$i];
222 - }
 226+
223227 } else {
224228 $params = null;
225229 $tag_pattern = "/\[\[($page_namespace:.*?)(\|(.*?)|)\]\]/i";
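
Review bot: the `if( $m ) {` test on new line 216 no longer detects a missing pagelist. With preg_match_all and PREG_PATTERN_ORDER, $m is filled with one (possibly empty) array per group even when nothing matches, so it is always truthy and the `else` branch that falls back to `$tag_pattern` link parsing is never reached. Test the return value of preg_match_all or `count( $m[1] )` instead. Also, every pagelist is merged into the same `$params` array on new line 222, so a key that appears in two pagelists keeps only the last value; if that is intended it deserves a comment.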

Follow-up revisions

Revision | Commit summary | Author | Date
r51869 | follow-up to r51788 | thomasv | 08:13, 15 June 2009

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r51787 | adding from...to parameters to pagelist | thomasv | 11:01, 12 June 2009

Comments

#Comment by Tim Starling, 04:06, 15 June 2009

Regexes of the form /(start).*?(end)/ have O(N^2) worst-case performance, and so are a DoS risk, if the start string also matches the middle section. In this case you can use /[^<]/ instead of /./ for the middle section to stop that from happening. So the full regex will be "/<pagelist([^<]*?)\/>/is".

For the attribute section, you should use Sanitizer::decodeTagAttributes() instead of doing it yourself.
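
An added example (not part of the review thread or the ProofreadPage code) that times the committed pattern against the suggested one on a constructed input of repeated tag openers with no closing `/>`. It uses Python's `re` as a stand-in for PHP's PCRE; the helper names and input sizes are assumptions.

```python
import re
import time

# Patterns from the review thread. Python's re stands in for PHP's PCRE
# (assumption: both are backtracking engines and scan these patterns alike).
LAZY_DOT = re.compile(r"<pagelist(.*?)/>", re.I | re.S)    # as committed in r51788
NEGATED = re.compile(r"<pagelist([^<]*?)/>", re.I | re.S)  # as suggested in the comment


def extract(pattern, text):
    """Return the raw attribute string of every <pagelist .../> tag."""
    return pattern.findall(text)


def best_time(pattern, text, repeats=3):
    """Best-of-N wall time for one full scan of text."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.findall(text)
        best = min(best, time.perf_counter() - start)
    return best


def unterminated(n):
    """Constructed worst case: n tag openers and no closing "/>" anywhere."""
    return "<pagelist from=1 " * n


def scaling(sizes=(200, 400, 800)):
    """(n, lazy_seconds, negated_seconds) for each input size."""
    rows = []
    for n in sizes:
        text = unterminated(n)
        rows.append((n, best_time(LAZY_DOT, text), best_time(NEGATED, text)))
    return rows


if __name__ == "__main__":
    # Constructed well-formed input: both patterns extract the same attributes.
    ok = "intro <pagelist from=1 to=9 /> text <PAGELIST 5=i\n6=ii/>"
    assert extract(LAZY_DOT, ok) == extract(NEGATED, ok)
    # Doubling the input roughly quadruples the lazy-dot time only.
    for n, lazy, negated in scaling():
        print(f"{n:4d} openers  lazy-dot {lazy:.4f}s  negated {negated:.4f}s")
```

The negated class also changes what is captured: an unterminated opener followed by a valid tag is swallowed into one match by the lazy-dot pattern, while the negated pattern returns only the valid tag's attributes.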

#Comment by ThomasV, 08:14, 15 June 2009

ok, that's fixed in r51869
