From 3bddedf685051638fdba61268ad195fee041db1c Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Wed, 2 Feb 2011 07:54:46 +0100
Subject: update to MediaWiki 1.16.2
---
 languages/Language.php | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'languages/Language.php')
diff --git a/languages/Language.php b/languages/Language.php
index 343ac8a7..3416fb27 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -144,6 +144,14 @@ class Language {
 protected static function newFromCode( $code ) {
 global $IP;
 static $recursionLevel = 0;
+
+ // Protect against path traversal below
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
+ throw new MWException( "Invalid language code \"$code\"" );
+ }
+
 if ( $code == 'en' ) {
 $class = 'Language';
 } else {
@@ -173,6 +181,14 @@ class Language {
 return $lang;
 }
+ /**
+ * Returns true if a language code string is of a valid form, whether or
+ * not it exists.
+ */
+ public static function isValidCode( $code ) {
+ return strcspn( $code, "/\\\000" ) === strlen( $code );
+ }
+
 /**
 * Get the LocalisationCache instance
 */
@@ -2462,6 +2478,13 @@ class Language {
 * @return string $prefix . $mangledCode . $suffix
 */
 static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
+ // Protect against path traversal
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
+ throw new MWException( "Invalid language code \"$code\"" );
+ }
+
 return $prefix . str_replace( '-', '_', ucfirst( $code ) ) . $suffix;
 }
--
cgit v1.2.3-54-g00ecf
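Review bot: In `newFromCode()` the second clause of the new guard, `strcspn( $code, "/\\\000" ) !== strlen( $code )`, repeats exactly what `Language::isValidCode()` returns in this same patch, so it can never fire on its own; the identical duplicate appears in the `getFileName()` hunk. If the repetition is deliberate, so that the path check survives a later change to `isValidCode()`, the comment should say so, e.g. `// Checked again on purpose: must hold even if isValidCode() is changed`. Otherwise reduce the condition to `if ( !Language::isValidCode( $code ) ) {` so the rejected byte set lives in one place. The body of `newFromCode()` continues outside the hunk, so the file access the comment refers to as "below" is not visible here.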
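Review bot: The docblock on `isValidCode()` promises "a valid form", but the body only rejects three bytes (`/`, `\` and NUL), so an empty string or a code containing whitespace or other punctuation still passes. The comment should state the narrower guarantee, e.g. `Returns true if the code contains no path separator or NUL byte; it does not check that the code is well-formed or known.`, plus `@param string $code` and `@return bool`. A non-string argument is also handed straight to `strcspn()`; `return is_string( $code ) && strcspn( $code, "/\\\000" ) === strlen( $code );` would make the check fail closed. Callers that need more than traversal protection would probably want an allowlist of permitted characters, but which characters real codes use cannot be told from this hunk.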
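Review bot: `getFileName()` can now throw `MWException`, but the docblock above it (it starts outside this hunk) still documents only `@return`; add `@throws MWException if $code contains a path separator or NUL byte`. Only `$code` is checked: `$prefix` and `$suffix` are concatenated into the returned name as given, so the traversal guarantee holds only while callers pass fixed values for them, which is worth stating in the docblock as well. Callers that previously received a string for any input now have to handle the exception; those call sites are not visible here.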