dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 59ce345) | patch
SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit
authorBrian Wolff <bawolff+wn@gmail.com>
Sun, 24 Jan 2016 10:29:10 +0000 (05:29 -0500)
committerReedy <reedy@wikimedia.org>
Wed, 15 Nov 2017 03:33:03 +0000 (03:33 +0000)
commitfbe78cfa094645b907d0fd2885c5797321f794eb
tree4f6a0e09fb6b9a35f6139f66e54e5ffe9e58ddd4tree | snapshot
parent59ce3456a8007d76875fe8fb21eff4a90b214034commit | diff
SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit

Adjust regexes for what not to convert to avoid backtracking by
preferring possesive quantifiers

Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.

Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a
languages/LanguageConverter.php diff | blob | history
tests/phpunit/languages/LanguageConverterTest.php diff | blob | history
Wiklou, le Wiki du Wiklou