From 3bddedf685051638fdba61268ad195fee041db1c Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Wed, 2 Feb 2011 07:54:46 +0100 Subject: update to MediaWiki 1.16.2 --- includes/DefaultSettings.php | 2 +- includes/Sanitizer.php | 7 +++++++ includes/StringUtils.php | 6 +++++- includes/StubObject.php | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) (limited to 'includes') diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index c118075e..155bb7c0 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) { } /** MediaWiki version number */ -$wgVersion = '1.16.1'; +$wgVersion = '1.16.2'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index f6a9773d..b5725ce8 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -739,6 +739,13 @@ class Sanitizer { // Remove any comments; IE gets token splitting wrong $value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value ); + // Remove anything after a comment-start token, to guard against + // incorrect client implementations. + $commentPos = strpos( $value, '/*' ); + if ( $commentPos !== false ) { + $value = substr( $value, 0, $commentPos ); + } + // Decode escape sequences and line continuation // See the grammar in the CSS 2 spec, appendix D. static $decodeRegex, $reencodeTable; diff --git a/includes/StringUtils.php b/includes/StringUtils.php index c437b3c1..0be88df5 100644 --- a/includes/StringUtils.php +++ b/includes/StringUtils.php 
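Review bot: In the Sanitizer.php hunk, the new truncation at an unterminated `/*` runs before the "Decode escape sequences and line continuation" step that follows it, so a comment-start token that only appears after decoding would not be caught. Whether the decoder can yield `/` or `*` from an escape is not visible here, because `$decodeRegex` and `$reencodeTable` are built outside the hunk; this needs checking against the rest of the function. If it can, either move the comment stripping and truncation after the decode step, or repeat the same `strpos( $value, '/*' )` / `substr( $value, 0, $commentPos )` truncation on the decoded value. The enclosing function starts and ends outside the hunk.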
@@ -77,16 +77,20 @@ class StringUtils { } if ( $tokenType == 'start' ) { - $inputPos = $tokenOffset + $tokenLength; # Only move the start position if we haven't already found a start # This means that START START END matches outer pair if ( !$foundStart ) { # Found start + $inputPos = $tokenOffset + $tokenLength; # Write out the non-matching section $output .= substr( $subject, $outputPos, $tokenOffset - $outputPos ); $outputPos = $tokenOffset; $contentPos = $inputPos; $foundStart = true; + } else { + # Move the input position past the *first character* of START, + # to protect against missing END when it overlaps with START + $inputPos = $tokenOffset + 1; } } elseif ( $tokenType == 'end' ) { if ( $foundStart ) { diff --git a/includes/StubObject.php b/includes/StubObject.php index c8731fff..52fbeb24 100644 --- a/includes/StubObject.php +++ b/includes/StubObject.php @@ -152,7 +152,7 @@ class StubUserLang extends StubObject { $code = strtolower( $code ); # Validate $code - if( empty( $code ) || !preg_match( '/^[a-z-]+$/', $code ) || ( $code === 'qqq' ) ) { + if( empty( $code ) || !Language::isValidCode( $code ) || ( $code === 'qqq' ) ) { wfDebug( "Invalid user language code\n" ); $code = $wgContLanguageCode; } -- cgit v1.2.2
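Review bot: In the StringUtils.php hunk, the new `else` branch comment says "first character", but `$inputPos = $tokenOffset + 1;` advances one byte. This is equivalent for ASCII delimiters such as `/*`, but with a multi-byte START delimiter the next search would begin mid-character. Consider wording the comment as `# Advance one byte past the start of this nested START, so that an END sharing trailing bytes with it is still found`, and stating in the function's doc comment (outside this hunk) that delimiters are matched bytewise. A regression test for a nested START whose last byte is also the first byte of END would pin the behaviour; none is visible in this diff, which is limited to `includes`.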
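Review bot: In the StubObject.php hunk, validation of `$code` now rests entirely on `Language::isValidCode()`, which is defined outside this diff, so it cannot be confirmed here that it is at least as strict as the `/^[a-z-]+$/` pattern it replaces. Since the value appears to be a user-supplied language code, please verify that the helper rejects path separators, dots and NUL bytes. A comment above the check would record the dependency, e.g. `# Language::isValidCode() is the only syntax check on $code here; it must reject anything unsafe in a file or class name`. Separately, `empty( $code )` also treats the string `'0'` as empty; that is harmless here but could be written as `$code === ''` for clarity. The enclosing method continues outside the hunk.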