r63424 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r63423‎ \| r63424 \| r63425 >
Date:	22:22, 8 March 2010
Author:	tstarling
Status:	ok
Tags:
Comment:	Fixed CSS validation issue (no handling for line continuation). Reported by Suffusion of Yellow. Release notes will go in other branches.
Modified paths:	/trunk/phase3/includes/Sanitizer.php (modified) (history) /trunk/phase3/maintenance/parserTests.txt (modified) (history)

Diff [purge]

Index: trunk/phase3/maintenance/parserTests.txt
—	—	@@ -4438,7 +4438,24 @@
4439	4439
4440	4440	!! end
4441	4441
	4442	+!! test
	4443	+CSS line continuation 1
	4444	+!! input
	4445	+<div style="background-image: u\ rl(test.jpg);"></div>
	4446	+!! result
	4447	+<div></div>
4442	4448
	4449	+!! end
	4450	+
	4451	+!! test
	4452	+CSS line continuation 2
	4453	+!! input
	4454	+<div style="background-image: u\ rl(test.jpg); "></div>
	4455	+!! result
	4456	+<div></div>
	4457	+
	4458	+!! end
	4459	+
4443	4460	!! article
4444	4461	Template:Identity
4445	4462	!! text
Index: trunk/phase3/includes/Sanitizer.php
—	—	@@ -738,24 +738,48 @@
739	739	* @return Mixed
740	740	*/
741	741	static function checkCss( $value ) {
742		~~- $stripped = Sanitizer::decodeCharReferences( $value );~~
	742	+ $value = Sanitizer::decodeCharReferences( $value );
743	743
744	744	// Remove any comments; IE gets token splitting wrong
745		~~- $stripped = StringUtils::delimiterReplace( '/', '/', ' ', $stripped );~~
	745	+ $value = StringUtils::delimiterReplace( '/', '/', ' ', $value );
746	746
747		~~- $value = $stripped;~~
748		-
749		~~- // ... and continue checks~~
750		~~- $stripped = preg_replace( '!\\\\([0-9A-Fa-f]{1,6})[ \\n\\r\\t\\f]?!e',~~
751		~~- 'codepointToUtf8(hexdec("$1"))', $stripped );~~
752		~~- $stripped = str_replace( '\\', '', $stripped );~~
753		~~- if( preg_match( '/(?:expression\|tps:\/\/\|url\\s\().*/is',~~
754		~~- $stripped ) ) {~~
755		~~- # haxx0r~~
	747	+ // Decode escape sequences and line continuation
	748	+ // See the grammar in the CSS 2 spec, appendix D, Mozilla implements it accurately.
	749	+ // IE 8 doesn't implement it at all, but there's no way to introduce url() into
	750	+ // IE that doesn't hit Mozilla also.
	751	+ static $decodeRegex;
	752	+ if ( !$decodeRegex ) {
	753	+ $space = '[\\x20\\t\\r\\n\\f]';
	754	+ $nl = '(?:\\n\|\\r\\n\|\\r\|\\f)';
	755	+ $backslash = '\\\\';
	756	+ $decodeRegex = "/ $backslash
	757	+ (?:
	758	+ ($nl) \| # 1. Line continuation
	759	+ ([0-9A-Fa-f]{1,6})$space? \| # 2. character number
	760	+ (.) # 3. backslash cancelling special meaning
	761	+ )/xu";
	762	+ }
	763	+ $decoded = preg_replace_callback( $decodeRegex,
	764	+ array( __CLASS__, 'cssDecodeCallback' ), $value );
	765	+ if ( preg_match( '!expression\|https?://\|url\s*\(!i', $decoded ) ) {
	766	+ // Not allowed
756	767	return false;
	768	+ } else {
	769	+ // Allowed, return CSS with comments stripped
	770	+ return $value;
757	771	}
	772	+ }
758	773
759		~~- return $value;~~
	774	+ static function cssDecodeCallback( $matches ) {
	775	+ if ( $matches[1] !== '' ) {
	776	+ return '';
	777	+ } elseif ( $matches[2] !== '' ) {
	778	+ return codepointToUtf8( hexdec( $matches[2] ) );
	779	+ } elseif ( $matches[3] !== '' ) {
	780	+ return $matches[3];
	781	+ } else {
	782	+ throw new MWException( __METHOD__.': invalid match' );
	783	+ }
760	784	}
761	785
762	786	/**

Follow-up revisions

Revision	Commit summary	Author	Date
r63426	MFT r63424 (CSS validation issue)	tstarling	22:28, 8 March 2010
r63427	MFT r63424 (CSS validation issue)	tstarling	22:29, 8 March 2010
r63429	MFT r63424 (CSS validation issue) plus release notes.	tstarling	22:34, 8 March 2010

Status & tagging log

22:28, 8 March 2010 😂 (talk | contribs) changed the status of r63424 [removed: new added: ok]