resourceloader: Sanitize lang with isValidBuiltInCode(), not isValidCode()
authorTimo Tijhof <krinklemail@gmail.com>
Wed, 28 Oct 2015 23:55:39 +0000 (23:55 +0000)
committerTimo Tijhof <krinklemail@gmail.com>
Thu, 29 Oct 2015 00:55:43 +0000 (00:55 +0000)
Follows-up r96280 (368dbc5f5b), and r82927 (1e67922842).

Language::isValidCode() (used by index.php) allows a very wide range of values,
which inflates the msg_resource cache quite a bit (T102058). This is a first
step toward locking it down.

This change affects both handling of incoming load.php requests, and the
formatting of request urls by OutputPage. As such, OutputPage will no longer
forward invalid uselang values that are valid for index.php to load.php.

Change-Id: I27857ce5949bc616c7179f5f47b24aa2f6765f5f

includes/resourceloader/ResourceLoaderContext.php

index c797fd6..6c4cdfe 100644 (file)
@@ -158,8 +158,16 @@ class ResourceLoaderContext {
         */
        public function getLanguage() {
                if ( $this->language === null ) {
-                       // Must be a valid language code after this point (bug 62849)
-                       $this->language = RequestContext::sanitizeLangCode( $this->getRequest()->getVal( 'lang' ) );
+                       // Must be a valid language code after this point (T64849)
+                       // Only support uselang values that follow built-in conventions (T102058)
+                       $lang = $this->getRequest()->getVal( 'lang', '' );
+                       // Stricter version of RequestContext::sanitizeLangCode()
+                       if ( !Language::isValidBuiltInCode( $lang ) ) {
+                               wfDebug( "Invalid user language code\n" );
+                               global $wgLanguageCode;
+                               $lang = $wgLanguageCode;
+                       }
+                       $this->language = $lang;
                }
                return $this->language;
        }
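Review bot: The inline replacement for `RequestContext::sanitizeLangCode()` in `getLanguage()` passes the raw `lang` parameter straight to `Language::isValidBuiltInCode()`, so any normalization the old helper did before validating may be lost. That helper is not visible in this hunk. If it lower-cased the code or rejected special codes such as `qqq`, mixed-case values would now either fall back to `$wgLanguageCode` or be stored verbatim as separate cache keys, which works against the cache-size goal of T102058. Normalizing first, `$lang = strtolower( $this->getRequest()->getVal( 'lang', '' ) );`, would keep one canonical value per language. The comment `// Stricter version of RequestContext::sanitizeLangCode()` could also name which of the old checks were dropped on purpose.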