From d7d08bd1a17618c7d77a6b9b2989e9f7293d6ed6 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Tue, 11 Sep 2007 00:19:58 +0200
Subject: added security patch -> 1.10.2
---
 includes/DefaultSettings.php   | 2 +-
 includes/api/ApiFormatBase.php | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
(limited to 'includes')
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index d9bd3760..d8f9a621 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -31,7 +31,7 @@ require_once( 'includes/SiteConfiguration.php' );
 $wgConf = new SiteConfiguration;
 /** MediaWiki version number */
-$wgVersion = '1.10.1';
+$wgVersion = '1.10.2';
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index 192c51a7..782a4161 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -145,8 +145,11 @@ for more information.
  * This method also replaces any '<' with <
  */
 protected function formatHTML($text) {
-	// encode all tags as safe blue strings
-	$text = ereg_replace('\<([^>]+)\>', '<\1>', $text);
+	// Escape everything first for full coverage
+	$text = htmlspecialchars($text);
+
+	// encode all comments or tags as safe blue strings
+	$text = preg_replace('/\<(!--.*?--|.*?)\>/', '<\1>', $text);
 	// identify URLs
 	$protos = "http|https|ftp|gopher";
 	$text = ereg_replace("($protos)://[^ '\"()<\n]+", '\\0', $text);
--
cgit v1.2.2
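Review bot: The added `$text = htmlspecialchars($text);` in formatHTML relies on PHP's defaults, so single quotes are left unescaped and no charset is declared; for a UTF-8 wiki the explicit form `$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');` is the safer choice, since on PHP releases of that era the default charset handling does not reject ill-formed multibyte sequences. Escaping the whole string before the tag-colouring and URL-linking passes is the right direction for this fix, because both later regexes then operate on entity-encoded text rather than raw markup. Note that, as rendered on this page, the new pattern `/\<(!--.*?--|.*?)\>/` could never match after escaping (no raw `<`/`>` survive) and the replacement strings `'<\1>'` and `'\\0'` appear stripped of their surrounding markup, which looks like the page's HTML rendering decoding `&lt;`/`&gt;` and dropping tags — confirm against the actual source before relying on this listing. As a point of style, the hunk now mixes the new `preg_replace` with the remaining POSIX `ereg_replace` for the URL pass; converting that call to `preg_replace` too would keep the function on one regex engine. The body of formatHTML continues past the end of this hunk.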