dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
16b6b92
)
Fix security flaw in parser -- $unique in input text
author
Tim Starling
<tstarling@users.mediawiki.org>
Wed, 7 Jan 2004 08:17:19 +0000
(08:17 +0000)
committer
Tim Starling
<tstarling@users.mediawiki.org>
Wed, 7 Jan 2004 08:17:19 +0000
(08:17 +0000)
includes/OutputPage.php
patch
|
blob
|
history
diff --git
a/includes/OutputPage.php
b/includes/OutputPage.php
index
c1a91be
..
70ea4f2
100644
(file)
--- a/
includes/OutputPage.php
+++ b/
includes/OutputPage.php
@@
-140,7
+140,12
@@
class OutputPage {
$stripped = "";
$stripped2 = "";
$stripped3 = "";
-
+
+ # Replace any instances of the placeholders
+ $text = str_replace( $unique, '$unique', $text );
+ $text = str_replace( $unique2, '$unique2', $text );
+ $text = str_replace( $unique3, '$unique3', $text );
+
global $wgEnableParserCache;
$use_parser_cache =
$wgEnableParserCache && $action == "view" &&
@@
-153,7
+158,7
@@
class OutputPage {
return;
}
}
-
+
while ( "" != $text ) {
$p = preg_split( "/<\\s*nowiki\\s*>/i", $text, 2 );
$stripped .= $p[0];