MediaWiki ParserHell
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 0de8cda..78232ef 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -379,6 +379,7 @@ class Sanitizer {
if ( !$staticInitialised || $staticInitialised != $globalContext ) {
$htmlpairsStatic = array( # Tags that must be closed
+ 'style',
'b', 'bdi', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
'strike', 'strong', 'tt', 'var', 'div', 'center',
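Review bot: Adding `'style'` to the list of permitted paired elements widens the sanitizer whitelist without a comment saying why that is safe. With the pre-filter added in the next Sanitizer hunk, bits that begin with `style` appear never to reach the tag loop, so the entry may be redundant. If it is needed, a comment such as `# 'style' is extracted and re-emitted separately, see the $styles handling` would record the intent; if not, leaving it out keeps the whitelist as narrow as before. The array literal continues outside the hunk.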
@@ -435,7 +436,18 @@ class Sanitizer {
# Remove HTML comments
$text = Sanitizer::removeHTMLcomments( $text );
- $bits = explode( '<', $text );
+ $initialbits = explode( '<', $text );
+ $styles = array();
+ $bits = array();
+ foreach ( $initialbits as $bit ) {
+ if ( strtolower( substr( $bit, 0, 5 ) ) === 'style' ) {
+ $styles[] = str_replace( 'style>', '', $bit );
+ } else {
+ // FIXME: Hacky
+ $bit = str_replace( '/style>', '!-- Style extracted-->', $bit );
+ $bits[] = $bit;
+ }
+ }
$text = str_replace( '>', '&gt;', array_shift( $bits ) );
if ( !$wgUseTidy ) {
$tagstack = $tablestack = array();
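Review bot: The text collected into `$styles` in the new `foreach` is never validated, yet the last Sanitizer hunk emits it verbatim inside `<style>…</style>`, so everything in such a bit bypasses the tag and attribute whitelist that the rest of this function applies. The prefix test also accepts any tag name that merely starts with `style`, and `str_replace( 'style>', '', $bit )` is case-sensitive and removes every occurrence rather than only the leading one, so `<STYLE>` or a tag with attributes keeps its tag text in the stored CSS. I would match the tag strictly, e.g. `preg_match( '/^style\s*>(.*)$/is', $bit, $m )`, and pass the captured CSS through a stylesheet-level filter before storing it; `Sanitizer::checkCss` is written for inline `style` attribute values and may not be sufficient for whole stylesheets, which needs confirming. The enclosing function starts and ends outside this hunk.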
@@ -540,7 +552,6 @@ class Sanitizer {
if ( is_callable( $processCallback ) ) {
call_user_func_array( $processCallback, array( &$params, $args ) );
}
-
if ( !Sanitizer::validateTag( $params, $t ) ) {
$badtag = true;
}
@@ -591,7 +602,7 @@ class Sanitizer {
}
}
wfProfileOut( __METHOD__ );
- return $text;
+ return '<style>' . implode( '', $styles ) . '</style>' . $text;
}
/**
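Review bot: The new `return` prepends `<style></style>` to every result, even when `$styles` is empty, so every caller of this function gets an extra element in its output whether or not the input contained a style block. Guarding it keeps the previous output for the common case, e.g. `return $styles ? '<style>' . implode( '', $styles ) . '</style>' . $text : $text;`. The function body begins outside this hunk.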
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 340f462..ef65936 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -2463,9 +2463,9 @@ class Parser {
wfProfileIn( __METHOD__ . "-paragraph" );
# No prefix (not in list)--go to paragraph mode
# XXX: use a stack for nestable elements like span, table and div
- $openmatch = preg_match( '/(?:<table|<h1|<h2|<h3|<h4|<h5|<h6|<pre|<tr|<p|<ul|<ol|<dl|<li|<\\/tr|<\\/td|<\\/th)/iS', $t );
+ $openmatch = preg_match( '/(?:<style|<table|<h1|<h2|<h3|<h4|<h5|<h6|<pre|<tr|<p|<ul|<ol|<dl|<li|<\\/tr|<\\/td|<\\/th)/iS', $t );
$closematch = preg_match(
- '/(?:<\\/table|<\\/h1|<\\/h2|<\\/h3|<\\/h4|<\\/h5|<\\/h6|' .
+ '/(?:<\\/style|<\\/table|<\\/h1|<\\/h2|<\\/h3|<\\/h4|<\\/h5|<\\/h6|' .
'<td|<th|<\\/?blockquote|<\\/?div|<hr|<\\/pre|<\\/p|<\\/mw:|' . $this->mUniqPrefix . '-pre|<\\/li|<\\/ul|<\\/ol|<\\/dl|<\\/?center)/iS', $t );
if ( $openmatch or $closematch ) {
$paragraphStack = false;
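Review bot: The `$openmatch` pattern is now a single very long line, while the `$closematch` pattern directly below is already split across concatenated string pieces. Wrapping the open pattern the same way would make the two tag lists easier to compare, since `<style` and `<\/style` have to be kept in sync by hand. If the intent is to stop the contents of a style block from being wrapped in paragraphs, a comment such as `# <style> is treated as a block element so its contents are not wrapped in <p>` would document why a non-layout element is in this list. The surrounding block starts and ends outside the hunk.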