wikimedia /
mediawiki
| @@ 56-69 (lines=14) @@ | ||
| 53 | */ |
|
| 54 | protected function getTemplateFilename( $templateName ) { |
|
| 55 | // Prevent upwards directory traversal using same methods as Title::secureAndSplit |
|
| 56 | if ( |
|
| 57 | strpos( $templateName, '.' ) !== false && |
|
| 58 | ( |
|
| 59 | $templateName === '.' || $templateName === '..' || |
|
| 60 | strpos( $templateName, './' ) === 0 || |
|
| 61 | strpos( $templateName, '../' ) === 0 || |
|
| 62 | strpos( $templateName, '/./' ) !== false || |
|
| 63 | strpos( $templateName, '/../' ) !== false || |
|
| 64 | substr( $templateName, -2 ) === '/.' || |
|
| 65 | substr( $templateName, -3 ) === '/..' |
|
| 66 | ) |
|
| 67 | ) { |
|
| 68 | throw new UnexpectedValueException( "Malformed \$templateName: $templateName" ); |
|
| 69 | } |
|
| 70 | ||
| 71 | return "{$this->templateDir}/{$templateName}.mustache"; |
|
| 72 | } |
|
| @@ 383-396 (lines=14) @@ | ||
| 380 | # Pages with "/./" or "/../" appearing in the URLs will often be un- |
|
| 381 | # reachable due to the way web browsers deal with 'relative' URLs. |
|
| 382 | # Also, they conflict with subpage syntax. Forbid them explicitly. |
|
| 383 | if ( |
|
| 384 | strpos( $dbkey, '.' ) !== false && |
|
| 385 | ( |
|
| 386 | $dbkey === '.' || $dbkey === '..' || |
|
| 387 | strpos( $dbkey, './' ) === 0 || |
|
| 388 | strpos( $dbkey, '../' ) === 0 || |
|
| 389 | strpos( $dbkey, '/./' ) !== false || |
|
| 390 | strpos( $dbkey, '/../' ) !== false || |
|
| 391 | substr( $dbkey, -2 ) == '/.' || |
|
| 392 | substr( $dbkey, -3 ) == '/..' |
|
| 393 | ) |
|
| 394 | ) { |
|
| 395 | throw new MalformedTitleException( 'title-invalid-relative', $text ); |
|
| 396 | } |
|
| 397 | ||
| 398 | # Magic tilde sequences? Nu-uh! |
|
| 399 | if ( strpos( $dbkey, '~~~' ) !== false ) { |
|
