SECURITY: XSS in unclosed internal links
[lhc/web/wiklou.git] / includes / parser / Parser.php
index 206ad00..38eb621 100644 (file)
@@ -2158,7 +2158,7 @@ class Parser {
                                $might_be_img = true;
                                $text = $m[2];
                                if ( strpos( $m[1], '%' ) !== false ) {
-                                       $m[1] = rawurldecode( $m[1] );
+                                       $m[1] = str_replace( [ '<', '>' ], [ '&lt;', '&gt;' ], rawurldecode( $m[1] ) );
                                }
                                $trail = "";
                        } else { # Invalid form; output directly
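Review bot: The new `$m[1] = str_replace( [ '<', '>' ], [ '&lt;', '&gt;' ], rawurldecode( $m[1] ) );` carries no comment explaining why angle brackets are escaped here and only inside the percent-encoded branch, so a later cleanup is likely to read it as stray and fold it back into a bare rawurldecode(). Suggest `# Escape <> after decoding: an unclosed link falls through and emits the decoded target as literal text, so the raw characters must not survive the decode`. It is also worth confirming in the commit whether leaving `&` and quotes unescaped is deliberate (plausibly so, since `$m[1]` presumably still serves as the link target), or whether a full `htmlspecialchars()` pass is safe at this point. The enclosing method starts and ends outside the hunk.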
@@ -4364,11 +4364,7 @@ class Parser {
                $this->startParse( $title, $options, self::OT_WIKI, $clearState );
                $this->setUser( $user );
 
-               $pairs = [
-                       "\r\n" => "\n",
-                       "\r" => "\n",
-               ];
-               $text = str_replace( array_keys( $pairs ), array_values( $pairs ), $text );
+               $text = str_replace( [ "\r\n", "\r" ], "\n", $text );
                if ( $options->getPreSaveTransform() ) {
                        $text = $this->pstPass2( $text, $user );
                }