From 277118e53f3617ca02ac663afbafcba822b5ebce Mon Sep 17 00:00:00 2001 From: Jackmcbarn Date: Mon, 22 Dec 2014 12:42:37 -0500 Subject: [PATCH] SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- engines/LuaCommon/LuaCommon.php | 18 ++++++++++-------- 1 files changed, 10 insertions(+), 8 deletions(-) diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index f8a6e2e..9f77234 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -936,25 +936,27 @@ class Scribunto_LuaError extends ScribuntoException { } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function->inContentLanguage()->text() : - $function = $function->text(); + $function = $function->inContentLanguage()->plain() : + $function = $function->plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function->inContentLanguage()->text() : - $function = $function->text(); + $function = $function->inContentLanguage()->plain() : + $function = $function->plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', "$src", $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + ->rawParams( "$src" ) + ->params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine->inContentLanguage()->text() : - $backtraceLine = $backtraceLine->text(); + $backtraceLine = $backtraceLine->inContentLanguage()->parse() : + $backtraceLine = $backtraceLine->parse(); $s .= "
  • \n\t" . $backtraceLine . "\n
  • \n"; } -- 1.7.9
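Review bot: `->rawParams( "$src" )` on the new `scribunto-lua-backtrace-line` call puts `$src` into the parsed output without escaping, so the result is safe only if `$src` was already HTML-escaped where it is built, which is above this hunk and not visible here. This is now the one place where backtrace data bypasses the message parser's sanitisation, so I would state the invariant at the call, e.g. `// $src is pre-escaped HTML built above; never pass raw Lua-supplied text to rawParams()`. The `"$src"` interpolation also looks redundant if `$src` is already a string. The enclosing method starts and ends outside the hunk, so the construction of `$src` should be checked as part of this change.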