author | Brion Vibber <brion@users.mediawiki.org> | 2005-11-03 02:20:03 +0000 |
---|---|---|
committer | Brion Vibber <brion@users.mediawiki.org> | 2005-11-03 02:20:03 +0000 |
commit | 062aa9951dda243f931bb04b9efb34b0363ffdc8 (patch) | |
tree | f7dca6c6a4523e538ac89b27276779d900694402 | |
parent | e5c6aee16a9ccbdcb5a7e4aba0614103e83a8b40 (diff) |
Toss in the CSS/XSS/MSIE fix from 1.5.1 while we're here. (Somewhat modified.)
1.3.18
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/11630
-rw-r--r-- | RELEASE-NOTES | 8 |
-rw-r--r-- | includes/Parser.php | 4 |
2 files changed, 10 insertions, 2 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0f08218bf3f0..f9e5b812c86c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -7,12 +7,18 @@ setting since version 1.2.0. If you have it on, turn it *off* if you can. (released 2005-11-02) -MediaWiki 1.3.18 is a maintenance release. +MediaWiki 1.3.18 is a bugfix and security maintenance release. A change in PHP 4.4.1 broke handling of extension and <pre> sections, causing garbage data to be inserted in output and saved edits. This version works around the change. +This release includes further corrections to the inline CSS style sanitation +which works around a JavaScript "feature" on Microsoft Internet Explorer. +Users of Microsoft Internet Explorer for Windows may be vulnerable to +XSS injections on prior 1.3 releases; users of standards-compliant browsers +are not vulnerable. + == MediaWiki 1.3.17 == diff --git a/includes/Parser.php b/includes/Parser.php index 6dfccb6a2b55..58666b869d74 100644 --- a/includes/Parser.php +++ b/includes/Parser.php @@ -622,7 +622,9 @@ cl_sortkey" ; if( preg_match( '/style\\s*=/is', $t ) ) { // Remove any comments; IE gets token splitting wrong - $t = preg_replace( '!/\\*.*?\\*/!S', ' ', $t ); + $star = '(?:\*|�*42;|�*2a;)'; + $slash = '(?:/|�*47;|�*2f;)'; + $t = preg_replace( "!$slash$star.*?$star$slash!iS", ' ', $t ); $stripped = wfMungeToUtf8( $t ); $stripped = preg_replace( '!\\\\([0-9A-Fa-f]{1,6})[ \\n\\r\\t\\f]?!e', |
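Review bot: In the RELEASE-NOTES hunk, the added paragraph says Internet Explorer users "may be vulnerable to XSS injections on prior 1.3 releases" but never tells the wiki administrator what to do about it; add a sentence recommending the upgrade to 1.3.18. "Sanitation" should read "sanitization", and since the text speaks of "further corrections", it would help to name the earlier release that carried the first correction so readers can tell which versions are only partly fixed.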
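Review bot: In the Parser.php hunk, the new pattern "!$slash$star.*?$star$slash!iS" still carries no s modifier, so .*? stops at a newline and a comment that spans lines inside the tag text is left in place; the preg_match guard just above already uses /is, so add s here too. The entity alternatives in $star and $slash also each require a closing ";", while browsers accept numeric character references without one, so make the semicolon optional or, if wfMungeToUtf8 decodes numeric references, repeat the comment strip on $stripped after that call so every encoding of the delimiters is covered in one place.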