Created
February 28, 2014 00:03
-
-
Save anonymous/9262427 to your computer and use it in GitHub Desktop.
MediaWiki ParserHell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php | |
index 0de8cda..78232ef 100644 | |
--- a/includes/Sanitizer.php | |
+++ b/includes/Sanitizer.php | |
@@ -379,6 +379,7 @@ class Sanitizer { | |
if ( !$staticInitialised || $staticInitialised != $globalContext ) { | |
$htmlpairsStatic = array( # Tags that must be closed | |
+ 'style', | |
'b', 'bdi', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1', | |
'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's', | |
'strike', 'strong', 'tt', 'var', 'div', 'center', | |
@@ -435,7 +436,18 @@ class Sanitizer { | |
# Remove HTML comments | |
$text = Sanitizer::removeHTMLcomments( $text ); | |
- $bits = explode( '<', $text ); | |
+ $initialbits = explode( '<', $text ); | |
+ $styles = array(); | |
+ $bits = array(); | |
+ foreach ( $initialbits as $bit ) { | |
+ if ( strtolower( substr( $bit, 0, 5 ) ) === 'style' ) { | |
+ $styles[] = str_replace( 'style>', '', $bit ); | |
+ } else { | |
+ // FIXME: Hacky | |
+ $bit = str_replace( '/style>', '!-- Style extracted-->', $bit ); | |
+ $bits[] = $bit; | |
+ } | |
+ } | |
$text = str_replace( '>', '>', array_shift( $bits ) ); | |
if ( !$wgUseTidy ) { | |
$tagstack = $tablestack = array(); | |
@@ -540,7 +552,6 @@ class Sanitizer { | |
if ( is_callable( $processCallback ) ) { | |
call_user_func_array( $processCallback, array( &$params, $args ) ); | |
} | |
- | |
if ( !Sanitizer::validateTag( $params, $t ) ) { | |
$badtag = true; | |
} | |
@@ -591,7 +602,7 @@ class Sanitizer { | |
} | |
} | |
wfProfileOut( __METHOD__ ); | |
- return $text; | |
+ return '<style>' . implode( '', $styles ) . '</style>' . $text; | |
} | |
/** | |
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php | |
index 340f462..ef65936 100644 | |
--- a/includes/parser/Parser.php | |
+++ b/includes/parser/Parser.php | |
@@ -2463,9 +2463,9 @@ class Parser { | |
wfProfileIn( __METHOD__ . "-paragraph" ); | |
# No prefix (not in list)--go to paragraph mode | |
# XXX: use a stack for nestable elements like span, table and div | |
- $openmatch = preg_match( '/(?:<table|<h1|<h2|<h3|<h4|<h5|<h6|<pre|<tr|<p|<ul|<ol|<dl|<li|<\\/tr|<\\/td|<\\/th)/iS', $t ); | |
+ $openmatch = preg_match( '/(?:<style|<table|<h1|<h2|<h3|<h4|<h5|<h6|<pre|<tr|<p|<ul|<ol|<dl|<li|<\\/tr|<\\/td|<\\/th)/iS', $t ); | |
$closematch = preg_match( | |
- '/(?:<\\/table|<\\/h1|<\\/h2|<\\/h3|<\\/h4|<\\/h5|<\\/h6|' . | |
+ '/(?:<\\/style|<\\/table|<\\/h1|<\\/h2|<\\/h3|<\\/h4|<\\/h5|<\\/h6|' . | |
'<td|<th|<\\/?blockquote|<\\/?div|<hr|<\\/pre|<\\/p|<\\/mw:|' . $this->mUniqPrefix . '-pre|<\\/li|<\\/ul|<\\/ol|<\\/dl|<\\/?center)/iS', $t ); | |
if ( $openmatch or $closematch ) { | |
$paragraphStack = false; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment