From bc2d89c66c324fc765284f0ea8568f319472d080 Mon Sep 17 00:00:00 2001 From: umherirrender Date: Sat, 21 Feb 2015 10:37:31 +0100 Subject: [PATCH] Check return value of preg_match in Sanitizer.php preg_match returns bool to indicate if $regs contains content, check that before using the array. Bug: T75487 Change-Id: Idca50feb170e35ca25e9874674f5a4091748052a --- includes/Sanitizer.php | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 104ce03cbe..96193a74af 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -573,27 +573,25 @@ class Sanitizer { } else { # this might be possible using tidy itself foreach ( $bits as $x ) { - preg_match( self::ELEMENT_BITS_REGEX, $x, $regs ); - - wfSuppressWarnings(); - list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs; - wfRestoreWarnings(); + if ( preg_match( self::ELEMENT_BITS_REGEX, $x, $regs ) ) { + list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs; - $badtag = false; - if ( isset( $htmlelements[$t = strtolower( $t )] ) ) { - if ( is_callable( $processCallback ) ) { - call_user_func_array( $processCallback, array( &$params, $args ) ); - } + $badtag = false; + if ( isset( $htmlelements[$t = strtolower( $t )] ) ) { + if ( is_callable( $processCallback ) ) { + call_user_func_array( $processCallback, array( &$params, $args ) ); + } - if ( !Sanitizer::validateTag( $params, $t ) ) { - $badtag = true; - } + if ( !Sanitizer::validateTag( $params, $t ) ) { + $badtag = true; + } - $newparams = Sanitizer::fixTagAttributes( $params, $t ); - if ( !$badtag ) { - $rest = str_replace( '>', '>', $rest ); - $text .= "<$slash$t$newparams$brace$rest"; - continue; + $newparams = Sanitizer::fixTagAttributes( $params, $t ); + if ( !$badtag ) { + $rest = str_replace( '>', '>', $rest ); + $text .= "<$slash$t$newparams$brace$rest"; + continue; + } } } $text .= '<' . str_replace( '>', '>', $x ); -- 2.20.1