http://www.mediawiki.org/wiki/Special:Code/MediaWiki/67791
Revision: 67791
Author: daniel
Date: 2010-06-10 09:10:09 +0000 (Thu, 10 Jun 2010)
Log Message:
-----------
fix sanity check on field name in query generation; add regression test
Modified Paths:
--------------
trunk/extensions/DataTransclusion/DBDataTransclusionSource.php
trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php
Modified: trunk/extensions/DataTransclusion/DBDataTransclusionSource.php
===================================================================
--- trunk/extensions/DataTransclusion/DBDataTransclusionSource.php 2010-06-10 09:03:59 UTC (rev 67790)
+++ trunk/extensions/DataTransclusion/DBDataTransclusionSource.php 2010-06-10 09:10:09 UTC (rev 67791)
@@ -84,7 +84,7 @@
 			$db = wfGetDB( DB_SLAVE );
 		}
-		if ( !preg_match( '/\w+[\w\d]+/', $field ) ) {
+		if ( !preg_match( '/^\w+[\w\d]+$/', $field ) ) {
 			return false; // redundant, but make extra sure we don't get anythign evil here //TESTME
 		}
Modified: trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php
===================================================================
--- trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php 2010-06-10 09:03:59 UTC (rev 67790)
+++ trunk/extensions/DataTransclusion/tests/DataTransclusionTest.php 2010-06-10 09:10:09 UTC (rev 67791)
@@ -309,6 +309,10 @@
 		$sql = $source->getQuery( 'id', '3' );
 		$this->assertTrue( preg_match( '/WHERE \( *id *= *3 *\)/', $sql ) === 1 );
+
+		// check blocking of evil field names
+		$sql = $source->getQuery( 'name = 0; select * from x;', 'foo' );
+		$this->assertEquals( $sql, false );
 	}
 	function testWebDataTransclusionSource() {
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
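Review bot: The anchored pattern `'/^\w+[\w\d]+$/'` on the changed line still lets a trailing newline through, because PCRE's `$` also matches just before a final "\n", so `preg_match` accepts `"id\n"`; terminate with `\z` or add the `D` modifier, e.g. `'/^\w+\z/'`. The `[\w\d]+` part is redundant (`\w` already covers digits) and, combined with the preceding `\w+`, it rejects legitimate one-character field names, which a plain `\w+` would accept. Whether a whitespace suffix can do harm depends on how `$field` is spliced into the query, which is outside this hunk, but a whitelist described as a last line of defence should not have an escape hatch at all. The comment on the next line has a typo (`anythign`) and the `//TESTME` marker can go now that this commit adds the test. The enclosing method (apparently `getQuery`, judging by the test hunk) starts and ends outside the hunk.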
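Review bot: `$this->assertEquals( $sql, false )` on the last added line is a loose comparison with the arguments in actual/expected order, so it would also pass if `getQuery` returned `''`, `null` or `0` instead of `false`; `$this->assertFalse( $sql )` (or `$this->assertSame( false, $sql )`) pins the return value the sanity check actually produces. The one evil input does exercise the anchoring fix (the old unanchored pattern matched the `name` prefix and let the string through), but a regression test for an anchor change should also cover inputs that differ only at the edges, e.g. `' id'`, `'id;'` and `"id\n"`; the last one will currently pass the check because `$` matches before a trailing newline, which is worth having on record either way. The enclosing test method starts outside the hunk.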