Validate that $wgVariantArticlePath is absolute, too

Follow-up to a4a3d0454069c25a24e2bfe732a665cc6a865878.
Unlikely to be a security problem, as $2 generally has to
appear somewhere before $1 in this config option.

Bug: T48998
Change-Id: I08788713d9bd7c4c8d81479c18b5a404997a778d

diff --git a/includes/Setup.php b/includes/Setup.php
index 2723258..f4b0a24 100644 (file)
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -523,13 +523,15 @@ require_once "$IP/includes/compat/normal/UtfNormalUtil.php";
 $ps_validation = Profiler::instance()->scopedProfileIn( $fname . '-validation' );
 
 // T48998: Bail out early if $wgArticlePath is non-absolute
-if ( !preg_match( '/^(https?:\/\/|\/)/', $wgArticlePath ) ) {
-       throw new FatalError(
-               'If you use a relative URL for $wgArticlePath, it must start ' .
-               'with a slash (<code>/</code>).<br><br>See ' .
-               '<a href="https://www.mediawiki.org/wiki/Manual:$wgArticlePath">' .
-               'https://www.mediawiki.org/wiki/Manual:$wgArticlePath</a>.'
-       );
+foreach ( array( 'wgArticlePath', 'wgVariantArticlePath' ) as $varName ) {
+       if ( $$varName && !preg_match( '/^(https?:\/\/|\/)/', $$varName ) ) {
+               throw new FatalError(
+                       "If you use a relative URL for \$$varName, it must start " .
+                       'with a slash (<code>/</code>).<br><br>See ' .
+                       "<a href=\"https://www.mediawiki.org/wiki/Manual:\$$varName\">" .
+                       "https://www.mediawiki.org/wiki/Manual:\$$varName</a>."
+               );
+       }
 }
 
 Profiler::instance()->scopedProfileOut( $ps_validation );