Fix potential html injection when the database server isn't available (bug 26164).

Wikis which set $wgServer in their LocalSettings or are in a virtual
host would never be vulnerable.
For sites which show the wiki in the default host, it will depend on how
forgiving their webserver and php stack are for that garbled input, although
some kind of foolable proxy —moreover wrongly caching errors (or the default 
output buffering is disabled and something incorrectly sent a previous text)—
would also need to be present in order to make that useful for a 
potential attacker.
Platonides 2010-11-29 16:34:28 +00:00
parent 3dec73f653
commit 6e81d60086
3 changed files with 13 additions and 7 deletions


@ -441,6 +441,7 @@ LocalSettings.php. The specific bugs are listed below in the general notes.
* (bug 25451) Improved datetime representation in 32 bit php >= 5.2.
* Show "skin does not exist error" only when the skin is inputted in the wrong
case.
* (bug 26164) Potential html injection when the database server isn't available
=== API changes in 1.17 ===
* (bug 22738) Allow filtering by action type on query=logevent.


@ -236,13 +236,15 @@ class MWException extends Exception {
header( 'Pragma: nocache' );
}
$title = $this->getPageTitle();
$logo = htmlspecialchars( $wgLogo, ENT_QUOTES );
$title = htmlspecialchars( $this->getPageTitle() );
return "<html>
<head>
<title>$title</title>
</head>
<body>
<h1><img src='$wgLogo' style='float:left;margin-right:1em' alt=''/>$title</h1>
<h1><img src='$logo' style='float:left;margin-right:1em' alt=''/>$title</h1>
";
}
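Review bot: `$logo` is escaped with ENT_QUOTES but the `$title` line calls htmlspecialchars() with the default flags, so the two values in the same string are escaped differently. ENT_QUOTES is required for `$logo` because `src='$logo'` is single-quoted; `$title` only lands in element content (`<title>` and `<h1>`), so the default is enough today, but passing ENT_QUOTES to both would keep the output safe if `$title` is ever moved into an attribute. Please also confirm that no getPageTitle() override already returns escaped text, since that would now be double-escaped.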


@ -2805,7 +2805,7 @@ class DBConnectionError extends DBError {
}
function searchForm() {
global $wgSitename, $wgServer, $wgLang, $wgInputEncoding;
global $wgSitename, $wgServer, $wgLang;
$usegoogle = "You can try searching via Google in the meantime.";
$outofdate = "Note that their indexes of our content may be out of date.";
@ -2819,20 +2819,23 @@ class DBConnectionError extends DBError {
$search = htmlspecialchars( @$_REQUEST['search'] );
$server = htmlspecialchars( $wgServer );
$sitename = htmlspecialchars( $wgSitename );
$trygoogle = <<<EOT
<div style="margin: 1.5em">$usegoogle<br />
<small>$outofdate</small></div>
<!-- SiteSearch Google -->
<form method="get" action="http://www.google.com/search" id="googlesearch">
<input type="hidden" name="domains" value="$wgServer" />
<input type="hidden" name="domains" value="$server" />
<input type="hidden" name="num" value="50" />
<input type="hidden" name="ie" value="$wgInputEncoding" />
<input type="hidden" name="oe" value="$wgInputEncoding" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="hidden" name="oe" value="UTF-8" />
<input type="text" name="q" size="31" maxlength="255" value="$search" />
<input type="submit" name="btnG" value="$googlesearch" />
<div>
<input type="radio" name="sitesearch" id="gwiki" value="$wgServer" checked="checked" /><label for="gwiki">$wgSitename</label>
<input type="radio" name="sitesearch" id="gwiki" value="$server" checked="checked" /><label for="gwiki">$sitename</label>
<input type="radio" name="sitesearch" id="gWWW" value="" /><label for="gWWW">WWW</label>
</div>
</form>
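Review bot: `$googlesearch` is still interpolated into `value="$googlesearch"` on the btnG submit input with no escaping step visible in this hunk, while `$search`, `$server` and `$sitename` all go through htmlspecialchars(). If it is a fixed literal like `$usegoogle` and `$outofdate`, a short comment saying so would help the next reader; otherwise escape it the same way. The attributes in this form are double-quoted, so the default htmlspecialchars() flags are sufficient for the values that are escaped here.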