thumb.php: Escape $rel404 in error message
Bug: T97391 Change-Id: I363686732fe9e5636c85c267c0728fc872c3e39d
This commit is contained in:
Timo Tijhof
Chad Horohoe
parent
00f3e29bfc
commit
a2d6ecc453
1 changed files with 19 additions and 7 deletions
26
thumb.php
26
thumb.php
|
|
@ -163,7 +163,7 @@ function wfStreamThumb( array $params ) {
|
|||
|
||||
// Check if the file is hidden
|
||||
if ( $img->isDeleted( File::DELETED_FILE ) ) {
|
||||
wfThumbError( 404, "The source file '$fileName' does not exist." );
|
||||
wfThumbErrorText( 404, "The source file '$fileName' does not exist." );
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -218,10 +218,10 @@ function wfStreamThumb( array $params ) {
|
|||
}
|
||||
|
||||
// If its not a redirect that has a target as a local file, give 404.
|
||||
wfThumbError( 404, "The source file '$fileName' does not exist." );
|
||||
wfThumbErrorText( 404, "The source file '$fileName' does not exist." );
|
||||
return;
|
||||
} elseif ( $img->getPath() === false ) {
|
||||
wfThumbError( 500, "The source file '$fileName' is not locally accessible." );
|
||||
wfThumbErrorText( 500, "The source file '$fileName' is not locally accessible." );
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -283,7 +283,7 @@ function wfStreamThumb( array $params ) {
|
|||
}
|
||||
return;
|
||||
} else {
|
||||
wfThumbError( 404, "The given path of the specified thumbnail is incorrect;
|
||||
wfThumbErrorText( 404, "The given path of the specified thumbnail is incorrect;
|
||||
expected '" . $img->getThumbRel( $thumbName ) . "' but got '" .
|
||||
rawurldecode( $rel404 ) . "'." );
|
||||
return;
|
||||
|
|
@ -546,14 +546,26 @@ function wfExtractThumbParams( $file, $params ) {
|
|||
return null;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Output a thumbnail generation error message
|
||||
*
|
||||
* @param int $status
|
||||
* @param string $msg HTML
|
||||
* @param string $msg Plain text (will be html escaped)
|
||||
* @return void
|
||||
*/
|
||||
function wfThumbError( $status, $msg ) {
|
||||
function wfThumbErrorText( $status, $msgText ) {
|
||||
return wfThumbError( $status, htmlspecialchars( $msgText ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Output a thumbnail generation error message
|
||||
*
|
||||
* @param int $status
|
||||
* @param string $msgHtml HTML
|
||||
* @return void
|
||||
*/
|
||||
function wfThumbError( $status, $msgHtml ) {
|
||||
global $wgShowHostnames;
|
||||
|
||||
header( 'Cache-Control: no-cache' );
|
||||
|
|
@ -585,7 +597,7 @@ function wfThumbError( $status, $msg ) {
|
|||
<body>
|
||||
<h1>Error generating thumbnail</h1>
|
||||
<p>
|
||||
$msg
|
||||
$msgHtml
|
||||
</p>
|
||||
$debug
|
||||
</body>
|
||||
|
|
|
|||
Loading…
Reference in a new issue