authorPierre Schmitz <pierre@archlinux.de>2011-02-02 07:54:46 +0100
committerPierre Schmitz <pierre@archlinux.de>2011-02-02 07:54:46 +0100
commit3bddedf685051638fdba61268ad195fee041db1c (patch)
tree93ed42491453fef8fe0614d2620146b8b603db1d /includes/Sanitizer.php
parent8f93926e1bc6e96fc11b4d0d201025022d471de7 (diff)
update to MediaWiki 1.16.2
Diffstat (limited to 'includes/Sanitizer.php')
-rw-r--r--includes/Sanitizer.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index f6a9773d..b5725ce8 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -739,6 +739,13 @@ class Sanitizer {
// Remove any comments; IE gets token splitting wrong
$value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value );
+ // Remove anything after a comment-start token, to guard against
+ // incorrect client implementations.
+ $commentPos = strpos( $value, '/*' );
+ if ( $commentPos !== false ) {
+ $value = substr( $value, 0, $commentPos );
+ }
+
// Decode escape sequences and line continuation
// See the grammar in the CSS 2 spec, appendix D.
static $decodeRegex, $reencodeTable;