r82925 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r82924‎ \| r82925 \| r82926 >
Date:	02:35, 28 February 2011
Author:	tstarling
Status:	ok (Comments)
Tags:
Comment:	Revert r81576: The fact that there are two checks, one close to the inclusion and one exposed to the user, was a deliberate security measure. Only the fact that they are the same was intended to be temporary.
Modified paths:	/trunk/phase3/languages/Language.php (modified) (history)

Diff [purge]

Index: trunk/phase3/languages/Language.php
—	—	@@ -156,7 +156,9 @@
157	157	static $recursionLevel = 0;
158	158
159	159	// Protect against path traversal below
160		~~- if ( !Language::isValidCode( $code ) ) {~~
	160	+ if ( !Language::isValidCode( $code )
	161	+ \|\| strcspn( $code, "/\\\000" ) !== strlen( $code ) )
	162	+ {
161	163	throw new MWException( "Invalid language code \"$code\"" );
162	164	}
163	165
—	—	@@ -2856,7 +2858,9 @@
2857	2859	*/
2858	2860	static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
2859	2861	// Protect against path traversal
2860		~~- if ( !Language::isValidCode( $code ) ) {~~
	2862	+ if ( !Language::isValidCode( $code )
	2863	+ \|\| strcspn( $code, "/\\\000" ) !== strlen( $code ) )
	2864	+ {
2861	2865	throw new MWException( "Invalid language code \"$code\"" );
2862	2866	}
2863	2867

Revision	Commit summary	Author	Date
r81576	Avoid code duplication for Language::isValidCode...	hashar	22:55, 5 February 2011

#Comment by Hashar (talk | contribs) 12:01, 28 February 2011

You might want to add a note in the code for later reference :-)

12:01, 28 February 2011 Hashar (talk | contribs) changed the status of r82925 [removed: new added: ok]