summaryrefslogtreecommitdiff
path: root/languages/Language.php
diff options
context:
space:
mode:
Diffstat (limited to 'languages/Language.php')
-rw-r--r--languages/Language.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/languages/Language.php b/languages/Language.php
index 0fcd2785..ad544328 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -210,7 +210,11 @@ class Language {
*/
public static function isValidCode( $code ) {
return
- strcspn( $code, ":/\\\000" ) === strlen( $code )
+ // People think language codes are html safe, so enforce it.
+ // Ideally we should only allow a-zA-Z0-9-
+ // but, .+ and other chars are often used for {{int:}} hacks
+ // see bugs 37564, 37587, 36938
+ strcspn( $code, ":/\\\000&<>'\"" ) === strlen( $code )
&& !preg_match( Title::getTitleInvalidRegex(), $code );
}