http://www.mediawiki.org/wiki/Special:Code/MediaWiki/67791

Revision: 67791
Author:   daniel
Date:     2010-06-10 09:10:09 +0000 (Thu, 10 Jun 2010)

Log Message:
-----------
fix sanity check on field name in query generation; add regression test

Modified Paths:
--------------
    trunk/extensions/DataTransclusion/DBDataTransclusionSource.php
    trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php

Modified: trunk/extensions/DataTransclusion/DBDataTransclusionSource.php
===================================================================
--- trunk/extensions/DataTransclusion/DBDataTransclusionSource.php      
2010-06-10 09:03:59 UTC (rev 67790)
+++ trunk/extensions/DataTransclusion/DBDataTransclusionSource.php      
2010-06-10 09:10:09 UTC (rev 67791)
@@ -84,7 +84,7 @@
                        $db = wfGetDB( DB_SLAVE );
                }
 
-               if ( !preg_match( '/\w+[\w\d]+/', $field ) ) {
+               if ( !preg_match( '/^\w+[\w\d]+$/', $field ) ) {
                        return false; // redundant, but make extra sure we 
don't get anythign evil here //TESTME
                }
 
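Review bot: The anchored pattern on the new line, `'/^\w+[\w\d]+$/'`, still lets a field name with a trailing newline through, because in PCRE `$` matches before a final `\n` unless the `D` modifier (or `\z`) is used; `"id\n"` would pass this check and reach the query builder. The fix is to make the end anchor strict, `if ( !preg_match( '/^\w+[\w\d]+$/D', $field ) ) {`. Note also that `\d` is a subset of `\w`, so `[\w\d]+` is just `\w+` and the pattern as written rejects any single-character field name (e.g. `x`); if that is not intended, `'/^\w+$/D'` says what is meant more plainly. The comment calls this check "redundant", which suggests a whitelist elsewhere that is not visible in this hunk, so the practical impact depends on that caller-side check. The enclosing method starts outside the hunk.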

Modified: trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php
===================================================================
--- trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php    
2010-06-10 09:03:59 UTC (rev 67790)
+++ trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php    
2010-06-10 09:10:09 UTC (rev 67791)
@@ -309,6 +309,10 @@
 
                $sql = $source->getQuery( 'id', '3' );
                $this->assertTrue( preg_match( '/WHERE \( *id *= *3 *\)/', $sql 
) === 1 );
+
+               // check blocking of evil field names
+               $sql = $source->getQuery( 'name = 0; select * from x;', 'foo' );
+               $this->assertEquals( $sql, false );
        }
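Review bot: The new assertion `$this->assertEquals( $sql, false )` compares loosely, so a return value of `''`, `0`, `null` or an empty array would also satisfy it and the test would not catch a regression where the sanity check is bypassed but the query ends up empty; it also passes the arguments in (actual, expected) order, which makes PHPUnit's failure message misleading. Use the exact check instead, `$this->assertFalse( $source->getQuery( 'name = 0; select * from x;', 'foo' ) );`. Since the fix in this revision is about anchoring the regex, a second case for the anchors would pin that behaviour directly, e.g. `$this->assertFalse( $source->getQuery( "id\n", 'foo' ) );` and `$this->assertFalse( $source->getQuery( 'x id', 'foo' ) );`. The enclosing test method starts outside the hunk.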
 
        function testWebDataTransclusionSource() {


