From: csteipp Date: Fri, 6 Dec 2013 21:34:30 +0000 (-0800) Subject: SECURITY: Don't normalize U+FF3C to \ X-Git-Tag: 1.31.0-rc.0~17262 X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22lang_raccourcis%22%2C%22module=%24nom_module%22%29%20.%20%22?a=commitdiff_plain;h=f8c9f876ef3d1271abb509fc548a0ef2ea24298f;p=lhc%2Fweb%2Fwiklou.git SECURITY: Don't normalize U+FF3C to \ Bug: 58088 Change-Id: I10bf8dbce41bd617ddf16eb5fc20af1b1cb5f201
---
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index a6fb6d0173..7461a8b9ef 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -867,7 +867,7 @@ class Sanitizer {
 // Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii
 $value = preg_replace_callback(
- '/[!-z]/u', // U+FF01 to U+FF5A
+ '/[!-[]-z]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)
 function ( $matches ) {
 $cp = utf8ToCodepoint( $matches[0] );
 if ( $cp === false ) {
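Review bot: The character class on the `+` line depends on literal fullwidth characters in the source, so the U+FF3C exclusion cannot be checked by eye and does not survive Unicode folding; on this page the class already reads as ASCII `[!-[]-z]`, presumably an extraction artifact. Writing the range with code-point escapes keeps the security-relevant gap visible and robust: `'/[\x{FF01}-\x{FF3B}\x{FF3D}-\x{FF5A}]/u', // fullwidth forms, skipping U+FF3C so no backslash is produced`. A regression test asserting that a value containing U+FF3C comes back without an ASCII backslash would pin the fix against later edits to this pattern. The enclosing method and the rest of the callback lie outside the hunk, so how the remaining code points are mapped could not be checked here.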