r99059 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r99058‎ \| r99059 \| r99060 >
Date:	23:31, 5 October 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	(bug 31379) Don't use the $errcontext parameter of a PHP error handler to get information for error display, this introduces an unexpected, difficult-to-maintain data flow which leads to bugs like the referenced one above.
Modified paths:	/trunk/extensions/AbuseFilter/AbuseFilter.parser.php (modified) (history)

Diff [purge]

Index: trunk/extensions/AbuseFilter/AbuseFilter.parser.php
—	—	@@ -216,12 +216,13 @@
217	217	$pattern .= 'i';
218	218	}
219	219
	220	+ $handler = new AFPRegexErrorHandler( $pattern, $pos );
220	221	try {
221		~~- set_error_handler( array( 'AbuseFilterParser', 'regexErrorHandler' ) );~~
	222	+ $handler->install();
222	223	$result = preg_match( $pattern, $str );
223		~~- restore_error_handler();~~
	224	+ $handler->restore();
224	225	} catch ( Exception $e ) {
225		~~- restore_error_handler();~~
	226	+ $handler->restore();
226	227	throw $e;
227	228	}
228	229	return new AFPData( self::DBool, (bool)$result );
—	—	@@ -394,6 +395,32 @@
395	396	}
396	397	}
397	398
	399	+class AFPRegexErrorHandler {
	400	+ function __construct( $regex, $pos ) {
	401	+ $this->regex = $regex;
	402	+ $this->pos = $pos;
	403	+ }
	404	+
	405	+ function handleError( $errno, $errstr, $errfile, $errline, $context ) {
	406	+ if ( error_reporting() == 0 ) {
	407	+ return true;
	408	+ }
	409	+ throw new AFPUserVisibleException(
	410	+ 'regexfailure',
	411	+ $this->pos,
	412	+ array( $errstr, $this->regex )
	413	+ );
	414	+ }
	415	+
	416	+ function install() {
	417	+ set_error_handler( array( $this, 'handleError' ) );
	418	+ }
	419	+
	420	+ function restore() {
	421	+ restore_error_handler();
	422	+ }
	423	+}
	424	+
398	425	class AbuseFilterParser {
399	426	var $mParams, $mVars, $mCode, $mTokens, $mPos, $mCur, $mShortCircuit, $mAllowShort;
400	427
—	—	@@ -1477,12 +1504,13 @@
1478	1505
1479	1506	$matches = array();
1480	1507
	1508	+ $handler = new AFPRegexErrorHandler( $needle, $this->mCur->pos );
1481	1509	try {
1482		~~- set_error_handler( array( 'AbuseFilterParser', 'regexErrorHandler' ) );~~
	1510	+ $handler->install();
1483	1511	$count = preg_match_all( $needle, $haystack, $matches );
1484		~~- restore_error_handler();~~
	1512	+ $handler->restore();
1485	1513	} catch ( Exception $e ) {
1486		~~- restore_error_handler();~~
	1514	+ $handler->restore();
1487	1515	throw $e;
1488	1516	}
1489	1517	}
—	—	@@ -1766,17 +1794,6 @@
1767	1795
1768	1796	return AFPData::castTypes( $val, AFPData::DBool );
1769	1797	}
1770		-
1771		~~- public static function regexErrorHandler( $errno, $errstr, $errfile, $errline, $context ) {~~
1772		~~- if ( error_reporting() == 0 ) {~~
1773		~~- return true;~~
1774		~~- }~~
1775		~~- throw new AFPUserVisibleException(~~
1776		~~- 'regexfailure',~~
1777		~~- $context['pos'],~~
1778		~~- array( $errstr, $context['regex'] )~~
1779		~~- );~~
1780		~~- }~~
1781	1798	}
1782	1799
1783	1800	# Taken from http://au2.php.net/manual/en/function.fnmatch.php#71725

Follow-up revisions

Revision	Commit summary	Author	Date
r99060	MFT r99059	aaron	23:39, 5 October 2011
r100383	REL1_18 MFT r97886, r97899, r97969, r98179, r98497, r98654, r98773, r98801, r...	reedy	21:36, 20 October 2011

Status & tagging log

21:36, 20 October 2011 Reedy (talk | contribs) changed the tags for r99059 [removed: 1.18]
02:52, 6 October 2011 Tim Starling (talk | contribs) changed the tags for r99059 [added: 1.18]
23:38, 5 October 2011 Aaron Schulz (talk | contribs) changed the status of r99059 [removed: new added: ok]