From: Ryan Schmidt Date: Wed, 20 Jan 2016 17:06:45 +0000 (-0600) Subject: Properly escape \n and \r in IRCColourfulRCFeedFormatter X-Git-Tag: 1.31.0-rc.0~8259^2 X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=afcfb1d1fb6c4420f518785371262bef3e8e9b2f;p=lhc%2Fweb%2Fwiklou.git Properly escape \n and \r in IRCColourfulRCFeedFormatter Right now it is possible to emit a raw \n or \r to the UDP feed by encoding it as an HTML entity, e.g. This could be used for arbitrary IRC command execution in bots which do not subsequently perform their own escaping. This commit changes it so that entities are decoded first before \n and \r are stripped. Change-Id: I3f7005abded3fbafb586754d763a00a4018f0954 --- diff --git a/includes/rcfeed/IRCColourfulRCFeedFormatter.php b/includes/rcfeed/IRCColourfulRCFeedFormatter.php index 30be343165..0efcebf9a3 100644 --- a/includes/rcfeed/IRCColourfulRCFeedFormatter.php +++ b/includes/rcfeed/IRCColourfulRCFeedFormatter.php @@ -123,10 +123,10 @@ class IRCColourfulRCFeedFormatter implements RCFeedFormatter { * @return string */ public static function cleanupForIRC( $text ) { - return Sanitizer::decodeCharReferences( str_replace( + return str_replace( array( "\n", "\r" ), array( " ", "" ), - $text - ) ); + Sanitizer::decodeCharReferences( $text ) + ); } }
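Review bot: The reordering in the `cleanupForIRC` hunk is the right fix (decoding after stripping let an entity such as `&#10;` or `&#13;` turn back into a raw line break on the way to the UDP feed), but the docblock just above it still only says `@return string`; since the function now decodes character references first and then strips `\n` and `\r`, document that order in the comment so a later refactor does not swap it back. A regression test that calls `cleanupForIRC( 'foo&#10;bar&#13;' )` and asserts the result contains neither `"\n"` nor `"\r"` would pin the behaviour down. Also worth stating in the comment that this must remain the last transform before the line is written to the feed: any consumer that decodes entities again after this point would reintroduce the injection the commit message describes.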