Merge "Skip regexp validation if the regex is (partly) unknown"

jenkins-bot 2021-02-06 21:50:35 +00:00 committed by Gerrit Code Review
commit 27c0130d53
2 changed files with 12 additions and 8 deletions


@ -1411,7 +1411,7 @@ class AbuseFilterParser extends AFPTransitionBase {
// Suppress and restore needed per T177744
AtEase::suppressWarnings();
$this->checkRegexMatchesEmpty( $needle );
$this->checkRegexMatchesEmpty( $args[0] );
$count = preg_match_all( $needle, $haystack );
AtEase::restoreWarnings();
@ -1459,7 +1459,7 @@ class AbuseFilterParser extends AFPTransitionBase {
// Suppress and restore are here for the same reason as T177744
AtEase::suppressWarnings();
$this->checkRegexMatchesEmpty( $needle );
$this->checkRegexMatchesEmpty( $args[0] );
$check = preg_match( $needle, $haystack, $matches );
AtEase::restoreWarnings();
@ -1874,7 +1874,7 @@ class AbuseFilterParser extends AFPTransitionBase {
}
AtEase::suppressWarnings();
$this->checkRegexMatchesEmpty( $pattern );
$this->checkRegexMatchesEmpty( $regex );
$result = preg_match( $pattern, $str );
AtEase::restoreWarnings();
if ( $result === false ) {
@ -1956,11 +1956,15 @@ class AbuseFilterParser extends AFPTransitionBase {
* Check whether the provided regex matches the empty string.
* @note This method can generate a PHP notice if the regex is invalid
*
* @param string $regex
* @param AFPData $regex
*/
protected function checkRegexMatchesEmpty( string $regex ) : void {
protected function checkRegexMatchesEmpty( AFPData $regex ) : void {
if ( $regex->getType() === AFPData::DUNDEFINED ) {
// We can't tell, and toString() would return the empty string (T273809)
return;
}
// @phan-suppress-next-line PhanParamSuspiciousOrder
if ( preg_match( $regex, '' ) === 1 ) {
if ( preg_match( $regex->toString(), '' ) === 1 ) {
$this->warnings[] = new UserVisibleWarning(
'match-empty-regex',
$this->mCur->pos,
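Review bot: In the last hunk, `checkRegexMatchesEmpty()` now tests `$regex->toString()`, while all three call sites execute a different string (`$needle` in the first two hunks, `$pattern` in the third). If those variables are the delimited form of the argument (their construction is outside the hunks, so this is inferred), `preg_match()` on the raw text returns `false` rather than `1`, and because warnings are suppressed around the call the `match-empty-regex` warning would silently stop firing. I would keep the `DUNDEFINED` guard on the AFPData but test the pattern that is actually run: `protected function checkRegexMatchesEmpty( AFPData $regex, string $pattern ) : void`, `if ( preg_match( $pattern, '' ) === 1 ) {`, with callers passing `$this->checkRegexMatchesEmpty( $args[0], $needle );`. The method body continues past the end of the hunk.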


@ -362,8 +362,8 @@ class LazyVariableComputer {
}
}
return $result instanceof AFPData
? $result : AFPData::newFromPHPVar( $result );
// @phan-suppress-next-line SecurityCheck-ReDoS Legit, but that's the intention
return $result instanceof AFPData ? $result : AFPData::newFromPHPVar( $result );
}
/**
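Review bot: The new suppression on the `return` gives `Legit, but that's the intention` as its only justification, which does not tell a later reader what bounds the cost of a pattern that reaches `preg_*` from here. Because it sits where the value is wrapped in `AFPData` rather than at a call that executes a pattern, it presumably silences the finding for every value returned from this function, so the comment should name the control that makes that acceptable, for example `// @phan-suppress-next-line SecurityCheck-ReDoS Values may be used as regexes by design; cost bounded by <MITIGATION - fill in>`. The enclosing method starts outside the hunk.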