diff options
author | Pierre Schmitz <pierre@archlinux.de> | 2012-09-02 15:19:34 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2012-09-02 15:19:34 +0200 |
commit | 9498a3d2852ace0f4ee23598f542dbce3fd2ec28 (patch) | |
tree | 5aeced25a9fc09f93682788259f5c7d6d248634d /languages/Language.php | |
parent | 588cc40aeec0165400421ef9612e81b6d2c7b936 (diff) |
Update to MediaWiki 1.19.2
Diffstat (limited to 'languages/Language.php')
-rw-r--r-- | languages/Language.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/languages/Language.php b/languages/Language.php index 0fcd2785..ad544328 100644 --- a/languages/Language.php +++ b/languages/Language.php @@ -210,7 +210,11 @@ class Language { */ public static function isValidCode( $code ) { return - strcspn( $code, ":/\\\000" ) === strlen( $code ) + // People think language codes are html safe, so enforce it. + // Ideally we should only allow a-zA-Z0-9- + // but, .+ and other chars are often used for {{int:}} hacks + // see bugs 37564, 37587, 36938 + strcspn( $code, ":/\\\000&<>'\"" ) === strlen( $code ) && !preg_match( Title::getTitleInvalidRegex(), $code ); } |