dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
9d9201c
)
Revert r81576: The fact that there are two checks, one close to the inclusion and...
author
Tim Starling
<tstarling@users.mediawiki.org>
Mon, 28 Feb 2011 02:35:57 +0000
(
02:35
+0000)
committer
Tim Starling
<tstarling@users.mediawiki.org>
Mon, 28 Feb 2011 02:35:57 +0000
(
02:35
+0000)
languages/Language.php
patch
|
blob
|
history
diff --git
a/languages/Language.php
b/languages/Language.php
index
b8515f3
..
3501bd5
100644
(file)
--- a/
languages/Language.php
+++ b/
languages/Language.php
@@
-156,7
+156,9
@@
class Language {
static $recursionLevel = 0;
// Protect against path traversal below
static $recursionLevel = 0;
// Protect against path traversal below
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
throw new MWException( "Invalid language code \"$code\"" );
}
throw new MWException( "Invalid language code \"$code\"" );
}
@@
-2856,7
+2858,9
@@
class Language {
*/
static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
// Protect against path traversal
*/
static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
// Protect against path traversal
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
throw new MWException( "Invalid language code \"$code\"" );
}
throw new MWException( "Invalid language code \"$code\"" );
}