From: Tim Starling <tstarling@users.mediawiki.org>
Date: Wed, 7 Jan 2004 08:17:19 +0000 (+0000)
Subject: Fix security flaw in parser -- $unique in input text
X-Git-Tag: 1.3.0beta1~1186
X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=9798f043fcc853e3af8691e6f97bbecc5b2dd834;p=lhc%2Fweb%2Fwiklou.git

Fix security flaw in parser -- $unique in input text
---

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index c1a91be594..70ea4f20ca 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -140,7 +140,12 @@ class OutputPage {
 		$stripped = "";
 		$stripped2 = "";
 		$stripped3 = "";
-
+		
+		# Replace any instances of the placeholders
+		$text = str_replace( $unique, '$unique', $text );
+		$text = str_replace( $unique2, '$unique2', $text );
+		$text = str_replace( $unique3, '$unique3', $text );
+		
 		global $wgEnableParserCache;
 		$use_parser_cache = 
 			$wgEnableParserCache && $action == "view" &&
@@ -153,7 +158,7 @@ class OutputPage {
 				return;
 			}
 		}
-
+		
 		while ( "" != $text ) {
 			$p = preg_split( "/<\\s*nowiki\\s*>/i", $text, 2 );
 			$stripped .= $p[0];