dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1f90c1) | patch
Add some more missing limit parameters to explode() calls
authorThiemo Kreuz <thiemo.kreuz@wikimedia.de>
Tue, 26 Mar 2019 10:50:17 +0000 (11:50 +0100)
committerUmherirrender <umherirrender_de.wp@web.de>
Fri, 5 Apr 2019 14:34:39 +0000 (14:34 +0000)
commit31aeedb98a9f6afcbef2262abdda39cda9ea1090
tree6ea524ae9312124f2bf6e404821faaf639b44381tree | snapshot
parenta1f90c1b6dd5486c55ebabcd25d433e1591ddd44commit | diff
Add some more missing limit parameters to explode() calls

I benchmarked this again. The runtime of an unlimited explode() can be
quite high. This is not really a DoS attack vector as it would require to
post megabytes worth of input to the code, which will hit many other
limits before. I still consider it good practice to use unlimited explode()
only when it is actually allowed to return an unlimited amount of elements.

Change-Id: I30f8ca5dba7b317bb4a046b9740fd736b4eea291
includes/MediaWiki.php diff | blob | history
includes/composer/ComposerVersionNormalizer.php diff | blob | history
includes/session/Session.php diff | blob | history
Wiklou, le Wiki du Wiklou