Fix security flaw in parser -- $unique in input text
authorTim Starling <tstarling@users.mediawiki.org>
Wed, 7 Jan 2004 08:17:19 +0000 (08:17 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Wed, 7 Jan 2004 08:17:19 +0000 (08:17 +0000)
includes/OutputPage.php

index c1a91be..70ea4f2 100644 (file)
@@ -140,7 +140,12 @@ class OutputPage {
                $stripped = "";
                $stripped2 = "";
                $stripped3 = "";
-
+               
+               # Replace any instances of the placeholders
+               $text = str_replace( $unique, '$unique', $text );
+               $text = str_replace( $unique2, '$unique2', $text );
+               $text = str_replace( $unique3, '$unique3', $text );
+               
                global $wgEnableParserCache;
                $use_parser_cache = 
                        $wgEnableParserCache && $action == "view" &&
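Review bot: The comment above the three added `str_replace` calls does not say why the scrub exists or that the single quotes are deliberate. `'$unique'` is the literal text, so a later tidy-up to double quotes would turn each call into a no-op and silently reopen the flaw. I would replace the comment with `# Security: neutralise placeholder strings present in user input so they cannot be mistaken for our own strip markers. Single quotes are deliberate: the replacement is the literal text.` The definitions of `$unique`, `$unique2` and `$unique3` are outside the hunk; if they are fixed strings, generating them unpredictably per request would presumably remove the collision without rewriting what the user typed, and if one is a prefix of another the order of the three calls matters. The enclosing method starts and ends outside the hunk.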
@@ -153,7 +158,7 @@ class OutputPage {
                                return;
                        }
                }
-
+               
                while ( "" != $text ) {
                        $p = preg_split( "/<\\s*nowiki\\s*>/i", $text, 2 );
                        $stripped .= $p[0];