From: Tim Starling
Date: Mon, 17 Jan 2005 08:40:08 +0000 (+0000)
Subject: fix for script execution vulnerability
X-Git-Tag: 1.5.0alpha1~915
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/ajouter.php?a=commitdiff_plain;h=829300bf0a1b5c0d09bb7d1b6b89c3dfd637ac18;p=lhc%2Fweb%2Fwiklou.git
fix for script execution vulnerability
---
diff --git a/includes/Setup.php b/includes/Setup.php
index e31aceb7fc..0b4f01a11d 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -257,7 +257,6 @@ function setupLangObj(&$langclass) { } }"; - eval($snip); }
@@ -281,9 +280,8 @@ if( !$wgUser->mDataLoaded ) {
 // wgLanguageCode now specifically means the UI language
 $wgLanguageCode = $wgUser->getOption('language');
-if( empty( $wgLanguageCode ) ) {
- # Quick hack for upgrades where this will be blank,
- # and it's not handled right. Set to default.
+# Validate $wgLanguageCode, which will soon be sent to an eval()
+if( empty( $wgLanguageCode ) || !preg_match( '/^[a-z\-]*$/', $wgLanguageCode ) ) {
 $wgLanguageCode = $wgContLanguageCode;
 }
diff --git a/includes/SpecialPreferences.php b/includes/SpecialPreferences.php
index d47ad5c5d9..366603099d 100644
--- a/includes/SpecialPreferences.php
+++ b/includes/SpecialPreferences.php
@@ -91,6 +91,11 @@ class PreferencesForm {
 }
 }
 }
+
+ # Validate language
+ if ( !preg_match( '/^[a-z\-]*$/', $this->mUserLanguage ) ) {
+ $this->mUserLanguage = 'nolanguage';
+ }
 }
 function execute() {
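Review bot: The pattern `'/^[a-z\-]*$/'` in the new `if` of includes/Setup.php is looser than it reads, because without the `D` modifier `$` also matches just before a trailing newline, so a stored value that ends in a newline still passes. Since the added comment says this value will soon be sent to an eval(), the end anchor should be strict: `if( empty( $wgLanguageCode ) || !preg_match( '/^[a-z\-]*\z/', $wgLanguageCode ) ) {`. The check also sits at this one call site rather than next to the eval in setupLangObj (first hunk, whose body is mostly outside the diff), so any other caller that builds the class name from input is presumably not covered. Repeating the check inside setupLangObj, or comparing the code against the list of installed languages instead of a character pattern, would be a stronger guard.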
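Review bot: The fallback value `'nolanguage'` in includes/SpecialPreferences.php itself matches `/^[a-z\-]*$/`, so if this sentinel is saved it will pass the check added in includes/Setup.php and be treated as a language code; how it is handled afterwards is not visible in this hunk. Consider falling back to a known-good default, as the Setup.php hunk does, or rejecting the form, and say why in the comment, e.g. `# Only a-z and '-' allowed: the code is later used to build a class name that is eval()'d`. The same regex is now duplicated in two files and shares the `$`-before-trailing-newline looseness, so a single shared helper anchored with `\z` would keep the two checks from drifting apart. The enclosing function starts above the hunk.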