* @throws UnexpectedValueException If $templateName attempts upwards directory traversal
*/
protected function getTemplateFilename( $templateName ) {
- // Prevent upwards directory traversal using same methods as Title::secureAndSplit
+ // Prevent path traversal. Based on Language::isValidCode().
+ // This is for paranoia. The $templateName should never come from
+ // untrusted input.
if (
- strpos( $templateName, '.' ) !== false &&
- (
- $templateName === '.' || $templateName === '..' ||
- strpos( $templateName, './' ) === 0 ||
- strpos( $templateName, '../' ) === 0 ||
- strpos( $templateName, '/./' ) !== false ||
- strpos( $templateName, '/../' ) !== false ||
- substr( $templateName, -2 ) === '/.' ||
- substr( $templateName, -3 ) === '/..'
- )
+ strcspn( $templateName, ":/\\\000&<>'\"%" ) !== strlen( $templateName )
) {
throw new UnexpectedValueException( "Malformed \$templateName: $templateName" );
}
$key = $cache->makeKey( 'template', $templateName, $fastHash );
$code = $this->forceRecompile ? null : $cache->get( $key );
- if ( !$code ) {
- $code = $this->compileForEval( $fileContents, $filename );
-
- // Prefix the cached code with a keyed hash (64 hex chars) as an integrity check
- $cache->set( $key, hash_hmac( 'sha256', $code, $secretKey ) . $code );
- } else {
+ if ( $code ) {
// Verify the integrity of the cached PHP code
$keyedHash = substr( $code, 0, 64 );
$code = substr( $code, 64 );
if ( $keyedHash !== hash_hmac( 'sha256', $code, $secretKey ) ) {
- // Generate a notice if integrity check fails
- trigger_error( "Template failed integrity check: {$filename}" );
+ // If the integrity check fails, don't use the cached code
+ // We'll update the invalid cache below
+ $code = null;
}
}
+ if ( !$code ) {
+ $code = $this->compileForEval( $fileContents, $filename );
+
+ // Prefix the cached code with a keyed hash (64 hex chars) as an integrity check
+ $cache->set( $key, hash_hmac( 'sha256', $code, $secretKey ) . $code );
+ }
// If there is no secret key available, don't use cache
} else {
$code = $this->compileForEval( $fileContents, $filename );