Revert r81576: The fact that there are two checks, one close to the inclusion and...

author Tim Starling <tstarling@users.mediawiki.org>

Mon, 28 Feb 2011 02:35:57 +0000 (02:35 +0000)

committer Tim Starling <tstarling@users.mediawiki.org>

Mon, 28 Feb 2011 02:35:57 +0000 (02:35 +0000)
author Tim Starling <tstarling@users.mediawiki.org>
Mon, 28 Feb 2011 02:35:57 +0000 (02:35 +0000)
committer Tim Starling <tstarling@users.mediawiki.org>
Mon, 28 Feb 2011 02:35:57 +0000 (02:35 +0000)
diff --git a/languages/Language.php b/languages/Language.php

index b8515f3..3501bd5 100644 (file)
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -156,7 +156,9 @@ class Language {
                 static $recursionLevel = 0;
  
                 // Protect against path traversal below
-               if ( !Language::isValidCode( $code ) ) {
+               if ( !Language::isValidCode( $code ) 
+                       || strcspn( $code, "/\\\000" ) !== strlen( $code ) ) 
+               {
                         throw new MWException( "Invalid language code \"$code\"" );
                 }
  
@@ -2856,7 +2858,9 @@ class Language {
          */
         static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
                 // Protect against path traversal
-               if ( !Language::isValidCode( $code ) ) {
+               if ( !Language::isValidCode( $code ) 
+                       || strcspn( $code, "/\\\000" ) !== strlen( $code ) ) 
+               {
                         throw new MWException( "Invalid language code \"$code\"" );
                 }
author	Tim Starling <tstarling@users.mediawiki.org>
	Mon, 28 Feb 2011 02:35:57 +0000 (02:35 +0000)
committer	Tim Starling <tstarling@users.mediawiki.org>
	Mon, 28 Feb 2011 02:35:57 +0000 (02:35 +0000)