r94608 MediaWiki - Code Review archive

Repository:MediaWiki
Date:07:13, 16 August 2011
Author:aaron
Status:ok (Comments)
Tags:
Comment:
Fixed XSS
Modified paths:
  • /trunk/tools/mwmultiversion/multiversion/MWMultiVersion.php (modified) (history)


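--- a/trunk/tools/mwmultiversion/multiversion/MWMultiVersion.php
+++ b/trunk/tools/mwmultiversion/multiversion/MWMultiVersion.php
@@ -41,7 +41,7 @@
 */
 private static function createInstance() {
 if ( isset( self::$instance ) ) {
-die( "MWMultiVersion instance already set!\n" );
+self::error( "MWMultiVersion instance already set!\n" );
 }
 self::$instance = new self;
 return self::$instance;
@@ -101,7 +101,7 @@
 $matches = array();
 if ( $secure ) {
 if ( !preg_match('/^([^.]+)\.([^.]+)\./', $secure, $matches ) ) {
-die( "Invalid hostname.\n" );
+self::error( "Invalid hostname.\n" );
 }
 $lang = $matches[1];
 $site = $matches[2];
@@ -126,13 +126,13 @@
 } else if ( preg_match( '/^(.*)\.prototype\.wikimedia\.org$/', $serverName, $matches ) ) {
 $lang = $matches[1];
 } else {
-die( "Invalid host name ($serverName), can't determine language.\n" );
+self::error( "Invalid host name ($serverName), can't determine language.\n" );
 }
 } elseif ( preg_match( "/^\/usr\/local\/apache\/(?:htdocs|common\/docroot)\/([a-z0-9\-_]*)$/", $docRoot, $matches ) ) {
 $site = "wikipedia";
 $lang = $matches[1];
 } else {
-die( "Invalid host name (docroot=" . $docRoot . "), can't determine language.\n" );
+self::error( "Invalid host name (docroot=" . $docRoot . "), can't determine language.\n" );
 }
 }
 $this->loadDBFromSite( $site, $lang );
@@ -145,7 +145,7 @@
 private function setSiteInfoForUploadWiki( $pathInfo ) {
 $pathBits = explode( '/', $pathInfo );
 if ( count( $pathBits ) < 3 ) {
-die( "Invalid file path info (pathinfo=" . $pathInfo . "), can't determine language.\n" );
+self::error( "Invalid file path info (pathinfo=" . $pathInfo . "), can't determine language.\n" );
 }
 $site = $pathBits[1];
 $lang = $pathBits[2];
@@ -171,7 +171,7 @@
 }
 
 if ( $dbname === '' ) {
-die( "--wiki must be the first parameter.\n" );
+self::error( "--wiki must be the first parameter.\n" );
 }
 
 $this->db = $dbname;
@@ -217,11 +217,11 @@
 $extraVersion = false;
 } else {
 if ( strpos( $version, 'php-' ) !== 0 ) {
-die( "wikiversions.cdb version entry does not start with `php-` (got `$version`).\n" );
+self::error( "wikiversions.cdb version entry does not start with `php-` (got `$version`).\n" );
 }
 $extraVersion = dba_fetch( "ext:{$this->db}", $db );
 if ( $extraVersion === false ) {
-die( "wikiversions.cdb has no extra version entry for `$db`.\n" );
+self::error( "wikiversions.cdb has no extra version entry for `$db`.\n" );
 }
 }
 dba_close( $db );
@@ -241,7 +241,7 @@
 */
 private function assertNotMissing() {
 if ( $this->isMissing() ) {
-die( "wikiversions.cdb has no version entry for `{$this->db}`.\n" );
+self::error( "wikiversions.cdb has no version entry for `{$this->db}`.\n" );
 }
 }
 
@@ -295,4 +295,17 @@
 }
 return $ver;
 }
+
+/**
+* Error out with a die() message
+* @param $msg String
+* @return void
+*/
+private static function error( $msg ) {
+$msg = (string)$msg;
+if ( php_sapi_name() !== 'cli' ) {
+$msg = htmlspecialchars( $msg );
+}
+die( $msg );
+}
 }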
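Review bot: The `htmlspecialchars( $msg )` call in the new `error()` helper (new line 308) relies on the default flags and charset, so single quotes are left unencoded and the assumed input encoding follows the PHP configuration rather than the file; pinning both with `htmlspecialchars( $msg, ENT_QUOTES, 'UTF-8' )` makes the escaping independent of the deployment. The messages that actually carry request-derived data are the host-name, docroot and pathinfo ones (hunks at -126 and -145); `$serverName` and `$docRoot` presumably come from `$_SERVER`, though their origin is outside this diff, and the `$version`/`$db` messages at -217 and -241 echo values read from wikiversions.cdb rather than the request. In the web SAPI `die( $msg )` still emits the page with a 200 status, so monitoring cannot tell this failure from a normal response; sending a 5xx header before `die()` is worth considering, and logging the raw value server-side instead of echoing it to the client would remove the escaping question for those three messages entirely. Note also that on PHP 5.4+ `htmlspecialchars()` returns an empty string when the input is not valid UTF-8, which would blank the message for a malformed host name unless `ENT_SUBSTITUTE` is added to the flags.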

Comments

#Comment by Catrope (talk | contribs)   11:36, 16 August 2011

Good catch.

#Comment by Aaron Schulz (talk | contribs)   17:34, 16 August 2011

Thank Tim :)
