(parent:
8774b03
)
Fix JS injection vulnerability and test case
author
Gabriel Wicke
<gwicke@users.mediawiki.org>
Fri, 24 Mar 2006 16:43:57 +0000
(16:43 +0000)
committer
Gabriel Wicke
<gwicke@users.mediawiki.org>
Fri, 24 Mar 2006 16:43:57 +0000
(16:43 +0000)
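--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -1416,7 +1416,9 @@ class Parser
 $m[3] = $n[1];
 }
 # fix up urlencoded title texts
- if(preg_match('/%/', $m[1] )) $m[1] = urldecode($m[1]);
+ if(preg_match('/%/', $m[1] ))
+ # Should anchors '#' also be rejected?
+ $m[1] = str_replace( array('<', '>'), array('<', '>'), urldecode($m[1]) );
 $trail = $m[3];
 } elseif( preg_match($e1_img, $line, $m) ) { # Invalid, but might be an image with a link in its caption
 $might_be_img = true;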
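Review bot: The added statement neutralises only `<` and `>` after `urldecode()`, so a percent-encoded `"`, `'` or `&` in `$m[1]` still comes back as a live character; whether that matters depends on how the link target is escaped further down, which this hunk does not show, but if the value can reach an attribute the replacement should cover those characters too, e.g. `$m[1] = htmlspecialchars( urldecode( $m[1] ), ENT_QUOTES );`. As rendered here both arrays in the `str_replace()` call read `array('<', '>')`, which would be an identity replacement; presumably the page decoded `&lt;`/`&gt;` in the second array, and that is worth confirming against the raw patch. The brace-less `if` now has a comment line between the condition and its single statement, so wrapping the body in `{ }` would keep a later added line from silently falling outside the condition. The enclosing method starts and ends outside the hunk.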