MediaWiki 1.16.2

[autoinstallsdev/mediawiki.git] / languages / Language.php

diff --git a/languages/Language.php b/languages/Language.php
index 343ac8a72a839e08fc71c31a945479f762bfb1aa..3416fb274495568f463bffa3f0d2ef61ab1c6f63 100644 (file)
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -144,6 +144,14 @@ class Language {
        protected static function newFromCode( $code ) {
                global $IP;
                static $recursionLevel = 0;
+
+               // Protect against path traversal below
+               if ( !Language::isValidCode( $code ) 
+                       || strcspn( $code, "/\\\000" ) !== strlen( $code ) ) 
+               {
+                       throw new MWException( "Invalid language code \"$code\"" );
+               }
+
                if ( $code == 'en' ) {
                        $class = 'Language';
                } else {
@@ -173,6 +181,14 @@ class Language {
                return $lang;
        }
 
+       /**
+        * Returns true if a language code string is of a valid form, whether or 
+        * not it exists.
+        */
+       public static function isValidCode( $code ) {
+               return strcspn( $code, "/\\\000" ) === strlen( $code );
+       }
+
        /**
         * Get the LocalisationCache instance
         */
@@ -2462,6 +2478,13 @@ class Language {
         * @return string $prefix . $mangledCode . $suffix
         */
        static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
+               // Protect against path traversal
+               if ( !Language::isValidCode( $code ) 
+                       || strcspn( $code, "/\\\000" ) !== strlen( $code ) ) 
+               {
+                       throw new MWException( "Invalid language code \"$code\"" );
+               }
+               
                return $prefix . str_replace( '-', '_', ucfirst( $code ) ) . $suffix;
        }