From f8c9f876ef3d1271abb509fc548a0ef2ea24298f Mon Sep 17 00:00:00 2001
From: csteipp
Date: Fri, 6 Dec 2013 13:34:30 -0800
Subject: [PATCH] SECURITY: Don't normalize U+FF3C to \

Bug: 58088
Change-Id: I10bf8dbce41bd617ddf16eb5fc20af1b1cb5f201
---
 includes/Sanitizer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index a6fb6d0173..7461a8b9ef 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -867,7 +867,7 @@ class Sanitizer {
 // Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii
 $value = preg_replace_callback(
- '/[！-ｚ]/u', // U+FF01 to U+FF5A
+ '/[！-［］-ｚ]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)
 function ( $matches ) {
 $cp = utf8ToCodepoint( $matches[0] );
 if ( $cp === false ) {
-- 
2.20.1
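Review bot: The character class on the changed pattern line is spelled with literal fullwidth characters, so the two ranges and the gap at U+FF3C are nearly indistinguishable from a malformed ASCII class and only the trailing comment tells a reviewer which code point is excluded. Any editor or tool that applies compatibility normalization to the source file would silently change what this security-relevant pattern matches. Writing the ranges by code point keeps the exclusion visible and stable: `'/[\x{FF01}-\x{FF3B}\x{FF3D}-\x{FF5A}]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)`. The diffstat lists only includes/Sanitizer.php, so a regression test asserting that a value containing U+FF3C leaves this step without an ASCII backslash appears to be missing. The enclosing method starts and ends outside the hunk, so how the untouched U+FF3C is treated by later checks cannot be confirmed from here.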