Merge "[Bug 41030] fix fatal error when rendering non-existing pages"

[lhc/web/wiklou.git] / includes / Sanitizer.php

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 224b2d1..8919f10 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -912,7 +912,7 @@ class Sanitizer {
                // Reject problematic keywords and control characters
                if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
                        return '/* invalid control char */';
-               } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( !ix', $value ) ) {
+               } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( | image\s*\( !ix', $value ) ) {
                        return '/* insecure input */';
                }
                return $value;
@@ -1183,6 +1183,7 @@ class Sanitizer {
         * attribs regex matches.
         *
         * @param $set Array
+        * @throws MWException
         * @return String
         */
        private static function getTagAttributeCallback( $set ) {