r85598 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r85597‎ \| r85598 \| r85599 >
Date:	00:06, 7 April 2011
Author:	reedy
Status:	ok
Tags:
Comment:	* (bug 28176) Review and enable CLDR extension Guard the PHP file inclusions against path traversal
Modified paths:	/trunk/extensions/cldr/LanguageNames.body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/cldr/LanguageNames.body.php
—	—	@@ -63,7 +63,7 @@
64	64
65	65	/* Load override for wrong or missing entries in cldr */
66	66	$override = dirname(__FILE__) . '/' . self::getOverrideFileName( $code );
67		~~- if ( file_exists( $override ) ) {~~
	67	+ if ( Language::isValidBuiltInCode( $code ) && file_exists( $override ) ) {
68	68	$names = false;
69	69	require( $override );
70	70	if ( is_array( $names ) ) {
—	—	@@ -72,7 +72,7 @@
73	73	}
74	74
75	75	$filename = dirname(__FILE__) . '/' . self::getFileName( $code );
76		~~- if ( file_exists( $filename ) ) {~~
	76	+ if ( Language::isValidBuiltInCode( $code ) && file_exists( $filename ) ) {
77	77	$names = false;
78	78	require( $filename );
79	79	if ( is_array( $names ) ) {

20:28, 20 April 2011 Catrope (talk | contribs) changed the tags for r85598 [removed: 1.17]
10:41, 20 April 2011 Catrope (talk | contribs) changed the tags for r85598 [removed: 1.17wmf1]
17:33, 15 April 2011 😂 (talk | contribs) changed the status of r85598 [removed: new added: ok]
00:07, 7 April 2011 Reedy (talk | contribs) changed the tags for r85598 [added: 1.17,1.17wmf1]