From 75b865cf87df2f84a898807f46ec61b5b9529f6c Mon Sep 17 00:00:00 2001
From: Roan Kattouw <catrope@users.mediawiki.org>
Date: Mon, 27 Feb 2012 22:41:20 +0000
Subject: [PATCH] In ResourceLoaderContext, normalize invalid skin names to
 $wgDefaultSkin . This should help a lot with the pollution of the module_deps
 table, which is currently littered with invalid skin names from people trying
 to hack the site. I found 3,897 (!!) distinct values for md_skin

Sample from the query result:

| md_module                   | md_skin                          |
|-----------------------------|----------------------------------|
| ext.vector.collapsibleNav   | vector'                          |
| ext.vector.collapsibleNav   | vector' and 1=1--                |
| ext.vector.collapsibleNav   | vector' and 1=2--                |
| ext.vector.collapsibleNav   | vector')waitfor delay'0:0:20'--  |
| ext.vector.collapsibleNav   | vector',0)waitfor delay'0:0:20'- |
| ext.vector.collapsibleNav   | vector',0,0)waitfor delay'0:0:20 |
| ext.vector.collapsibleNav   | vector',0,0,0)waitfor delay'0:0: |
| ext.vector.collapsibleNav   | vector'waitfor delay'0:0:20'--   |
| ext.vector.collapsibleNav   | vector../../../../../../../../.. |
[...]
| ext.vector.sectionEditLinks | vector<script src=               |
| ext.vector.sectionEditLinks | vector?.tri.co.id/               |
| ext.vector.sectionEditLinks | vector??id=jCustomerWAPProv      |
| ext.vector.sectionEditLinks | vector??id=wap.mauj.com....      |
| ext.vector.sectionEditLinks | vector?id=202.87.41.147....      |
| ext.vector.sectionEditLinks | vector?java                      |
| ext.vector.sectionEditLinks | vector?m.vuclip.com/             |
| ext.vector.sectionEditLinks | vector?toyota.co.id              |
| ext.vector.sectionEditLinks | vectorGET                        |
| ext.vector.sectionEditLinks | vector]]>>                       |
| ext.vector.sectionEditLinks | vector`ping -c 20 127.0.0.1`     |
| ext.vector.sectionEditLinks | vector|echo 9e7f7fd5750593ab cef |
| ext.vector.sectionEditLinks | vector|ping -c 20 127.0.0.1||x   |
---
 includes/resourceloader/ResourceLoaderContext.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/includes/resourceloader/ResourceLoaderContext.php b/includes/resourceloader/ResourceLoaderContext.php
index 2a5169aa9d..dd69bb01d5 100644
--- a/includes/resourceloader/ResourceLoaderContext.php
+++ b/includes/resourceloader/ResourceLoaderContext.php
@@ -63,7 +63,9 @@ class ResourceLoaderContext {
 		$this->only      = $request->getVal( 'only' );
 		$this->version   = $request->getVal( 'version' );
 
-		if ( !$this->skin ) {
+		$skinnames = Skin::getSkinNames();
+		// If no skin is specified, or we don't recognize the skin, use the default skin
+		if ( !$this->skin || !isset( $skinnames[$this->skin] ) ) {
 			$this->skin = $wgDefaultSkin;
 		}
 	}
-- 
2.20.1