From acb2e720d86076c5d2dee8f36fc82ae9156ee3d5 Mon Sep 17 00:00:00 2001 From: Umherirrender Date: Sat, 1 Sep 2018 14:39:56 +0200 Subject: [PATCH] Pass delimiter to preg_quote This ensure that the regex is escaped correctly, even when the quoted value never contains the delimiter Change-Id: I2dc93fa0154d4506c276a30cab008bc2ac5e0687 --- includes/LinkFilter.php | 2 +- includes/libs/rdbms/database/DatabaseSqlite.php | 4 +++- tests/phpunit/MediaWikiTestCase.php | 2 +- tests/phpunit/structure/ApiStructureTest.php | 7 ++++++- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/includes/LinkFilter.php b/includes/LinkFilter.php index 17b4d56635..3b03f87976 100644 --- a/includes/LinkFilter.php +++ b/includes/LinkFilter.php @@ -65,7 +65,7 @@ class LinkFilter { * @return string Regex pattern, for preg_match() */ private static function makeRegex( $filterEntry, $protocol ) { - $regex = '!' . preg_quote( $protocol ); + $regex = '!' . preg_quote( $protocol, '!' ); if ( substr( $filterEntry, 0, 2 ) == '*.' ) { $regex .= '(?:[A-Za-z0-9.-]+\.|)'; $filterEntry = substr( $filterEntry, 2 ); diff --git a/includes/libs/rdbms/database/DatabaseSqlite.php b/includes/libs/rdbms/database/DatabaseSqlite.php index 1b9675add6..c8edc3901c 100644 --- a/includes/libs/rdbms/database/DatabaseSqlite.php +++ b/includes/libs/rdbms/database/DatabaseSqlite.php @@ -974,7 +974,9 @@ class DatabaseSqlite extends Database { } $sql = $obj->sql; $sql = preg_replace( - '/(?<=\W)"?' . preg_quote( trim( $this->addIdentifierQuotes( $oldName ), '"' ) ) . '"?(?=\W)/', + '/(?<=\W)"?' . + preg_quote( trim( $this->addIdentifierQuotes( $oldName ), '"' ), '/' ) . + '"?(?=\W)/', $this->addIdentifierQuotes( $newName ), $sql, 1 diff --git a/tests/phpunit/MediaWikiTestCase.php b/tests/phpunit/MediaWikiTestCase.php index 5cc45f5e21..aaf9f14baf 100644 --- a/tests/phpunit/MediaWikiTestCase.php +++ b/tests/phpunit/MediaWikiTestCase.php @@ -1705,7 +1705,7 @@ abstract class MediaWikiTestCase extends PHPUnit\Framework\TestCase { $originalTables = $db->listTables( $db->_originalTablePrefix, __METHOD__ ); if ( $prefix === 'unprefixed' ) { - $originalPrefixRegex = '/^' . preg_quote( $db->_originalTablePrefix ) . '/'; + $originalPrefixRegex = '/^' . preg_quote( $db->_originalTablePrefix, '/' ) . '/'; $originalTables = array_map( function ( $pt ) use ( $originalPrefixRegex ) { return preg_replace( $originalPrefixRegex, '', $pt ); diff --git a/tests/phpunit/structure/ApiStructureTest.php b/tests/phpunit/structure/ApiStructureTest.php index 692bd73a9f..95d3b60b00 100644 --- a/tests/phpunit/structure/ApiStructureTest.php +++ b/tests/phpunit/structure/ApiStructureTest.php @@ -454,7 +454,12 @@ class ApiStructureTest extends MediaWikiTestCase { } $keys = implode( '|', - array_map( 'preg_quote', array_keys( $config[ApiBase::PARAM_TEMPLATE_VARS] ) ) + array_map( + function ( $key ) { + return preg_quote( $key, '/' ); + }, + array_keys( $config[ApiBase::PARAM_TEMPLATE_VARS] ) + ) ); $this->assertRegExp( '/^(?>[^{}]+|\{(?:' . $keys . ')\})+$/', $param, "$param: Name may not contain '{' or '}' other than as defined by PARAM_TEMPLATE_VARS" ); -- 2.20.1