]> scripts.mit.edu Git - autoinstallsdev/mediawiki.git/blobdiff - includes/Sanitizer.php
scripts.mit.edu / autoinstallsdev / mediawiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MediaWiki 1.16.2
[autoinstallsdev/mediawiki.git] / includes / Sanitizer.php
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index f6a9773d80487924214971434b4514b624145991..b5725ce83ae60b0c573c1831a6fff17152e1a440 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -739,6 +739,13 @@ class Sanitizer {
                // Remove any comments; IE gets token splitting wrong
                $value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value );
 
+               // Remove anything after a comment-start token, to guard against
+               // incorrect client implementations.
+               $commentPos = strpos( $value, '/*' );
+               if ( $commentPos !== false ) {
+                       $value = substr( $value, 0, $commentPos );
+               }
+
                // Decode escape sequences and line continuation
                // See the grammar in the CSS 2 spec, appendix D.
                static $decodeRegex, $reencodeTable;
MediaWiki autoinstaller for scripts.mit.edu