Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SECURITY: Don't normalize U+FF3C to \

Browse source 
Bug: 58088
Change-Id: I10bf8dbce41bd617ddf16eb5fc20af1b1cb5f201
This commit is contained in:
csteipp 2013-12-06 13:34:30 -08:00
parent befff4f2ef
commit f8c9f876ef
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
includes/Sanitizer.php
View file

@ -867,7 +867,7 @@ class Sanitizer {
// Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii
$value = preg_replace_callback(
'/[-]/u', // U+FF01 to U+FF5A
'/[--]/u', // U+FF01 to U+FF5A, excluding U+FF3C (bug 58088)
function ( $matches ) {
$cp = utf8ToCodepoint( $matches[0] );
if ( $cp === false ) {