From eb08422a33be1bd70880c6a9767d75913dc559e2 Mon Sep 17 00:00:00 2001
From: mglaser
Date: Wed, 8 Jan 2014 12:00:55 +0100
Subject: [PATCH] SECURITY: Don't normalize U+FF3C to \

Bug: 58088
Change-Id: I3bb23a173120fbbb60795094cf2d26657751642f
---
 includes/Sanitizer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 50ac84d..4b54daf 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -884,7 +884,7 @@ class Sanitizer {
 // Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii
 $value = preg_replace_callback(
- '/[!-z]/u', // U+FF01 to U+FF5A
+ '/[!-[]-z]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)
 array( __CLASS__, 'cssNormalizeUnicodeWidth' ),
 $value
 );
-- 
1.8.4.msysgit.0
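Review bot: The character class on the added line depends on literal fullwidth characters in the source file, and as rendered here it reads as ASCII `[!-[]-z]`, so the exclusion of U+FF3C cannot be checked by eye and would be silently broken by any tool that width-normalizes the file. Writing the ranges as escapes keeps the security-relevant boundary explicit: `'/[\x{FF01}-\x{FF3B}\x{FF3D}-\x{FF5A}]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)`. The diffstat shows only includes/Sanitizer.php changed, so a regression test asserting that a value containing U+FF3C leaves this step without an ASCII backslash would be worth adding alongside the fix. The enclosing method begins and ends outside the hunk, so how the normalized value is checked afterwards is not visible here.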