authorPierre Schmitz <pierre@archlinux.de>2011-02-02 07:54:46 +0100
committerPierre Schmitz <pierre@archlinux.de>2011-02-02 07:54:46 +0100
commit3bddedf685051638fdba61268ad195fee041db1c (patch)
tree93ed42491453fef8fe0614d2620146b8b603db1d /includes
parent8f93926e1bc6e96fc11b4d0d201025022d471de7 (diff)
update to MediaWiki 1.16.2
Diffstat (limited to 'includes')
-rw-r--r--includes/DefaultSettings.php2
-rw-r--r--includes/Sanitizer.php7
-rw-r--r--includes/StringUtils.php6
-rw-r--r--includes/StubObject.php2
4 files changed, 14 insertions, 3 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c118075e..155bb7c0 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) {
}
/** MediaWiki version number */
-$wgVersion = '1.16.1';
+$wgVersion = '1.16.2';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index f6a9773d..b5725ce8 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -739,6 +739,13 @@ class Sanitizer {
// Remove any comments; IE gets token splitting wrong
$value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value );
+ // Remove anything after a comment-start token, to guard against
+ // incorrect client implementations.
+ $commentPos = strpos( $value, '/*' );
+ if ( $commentPos !== false ) {
+ $value = substr( $value, 0, $commentPos );
+ }
+
// Decode escape sequences and line continuation
// See the grammar in the CSS 2 spec, appendix D.
static $decodeRegex, $reencodeTable;
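Review bot: The new truncation at an unterminated `/*` runs before the escape-sequence decoding that starts on the following lines, so it only sees comment-start tokens that are literally present in `$value`. If the decode step can produce `/*` from escaped input, the decoded value would carry a comment opener that this guard never examined. The rest of the function lies outside the hunk, so this may already be handled further down. If it is not, repeat the `delimiterReplace` call and the `strpos`/`substr` truncation on the decoded value, and record the ordering requirement in the comment, e.g. `// Must also hold after decoding: escapes can introduce a comment-start token`.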
diff --git a/includes/StringUtils.php b/includes/StringUtils.php
index c437b3c1..0be88df5 100644
--- a/includes/StringUtils.php
+++ b/includes/StringUtils.php
@@ -77,16 +77,20 @@ class StringUtils {
}
if ( $tokenType == 'start' ) {
- $inputPos = $tokenOffset + $tokenLength;
# Only move the start position if we haven't already found a start
# This means that START START END matches outer pair
if ( !$foundStart ) {
# Found start
+ $inputPos = $tokenOffset + $tokenLength;
# Write out the non-matching section
$output .= substr( $subject, $outputPos, $tokenOffset - $outputPos );
$outputPos = $tokenOffset;
$contentPos = $inputPos;
$foundStart = true;
+ } else {
+ # Move the input position past the *first character* of START,
+ # to protect against missing END when it overlaps with START
+ $inputPos = $tokenOffset + 1;
}
} elseif ( $tokenType == 'end' ) {
if ( $foundStart ) {
diff --git a/includes/StubObject.php b/includes/StubObject.php
index c8731fff..52fbeb24 100644
--- a/includes/StubObject.php
+++ b/includes/StubObject.php
@@ -152,7 +152,7 @@ class StubUserLang extends StubObject {
$code = strtolower( $code );
# Validate $code
- if( empty( $code ) || !preg_match( '/^[a-z-]+$/', $code ) || ( $code === 'qqq' ) ) {
+ if( empty( $code ) || !Language::isValidCode( $code ) || ( $code === 'qqq' ) ) {
wfDebug( "Invalid user language code\n" );
$code = $wgContLanguageCode;
}
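Review bot: The check on the changed `if` line now relies entirely on `Language::isValidCode()`, whose definition is not part of this diff, where the removed `/^[a-z-]+$/` was a visible allow-list. If `$code` is later used to build file or class names (not shown here, so this is an assumption), the validator has to reject at least everything the old pattern did that is unsafe in a path: dots, slashes, backslashes and NUL. A short comment above the condition would make that contract explicit, e.g. `# isValidCode() must reject path separators and dots; $code may be used in file names`. Note also that `empty( $code )` treats the string `'0'` as empty and falls back to `$wgContLanguageCode`, which is presumably intended but is not stated.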