Add missing limits to explode() calls

This fixes potential bugs where invalid strings with more than one
comma were silently accepted.

Change-Id: Ib1e7d0c99973f243ef6faad6389bab688187c1cf
Thiemo Kreuz 2019-05-15 16:14:12 +02:00
parent 9cb58a4737
commit c6f20a64dd
4 changed files with 5 additions and 10 deletions


@ -2356,9 +2356,7 @@ class AbuseFilter {
* @return null|string Null on success, a string with the error message on failure
*/
public static function checkThrottleParameters( $params ) {
$throttleRate = explode( ',', $params[1] );
$throttleCount = $throttleRate[0];
$throttlePeriod = $throttleRate[1];
list( $throttleCount, $throttlePeriod ) = explode( ',', $params[1], 2 );
$throttleGroups = array_slice( $params, 2 );
$validGroups = [
'ip',
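Review bot: `list( $throttleCount, $throttlePeriod ) = explode( ',', $params[1], 2 );` still emits an undefined-offset notice and leaves `$throttlePeriod` null when `$params[1]` contains no comma at all, because explode() then returns a single-element array; the removed `$throttleRate[1]` had the same gap, so the limit narrows the problem without closing it. Capturing the result and checking its length before destructuring makes the rejection explicit, e.g. `$throttleRate = explode( ',', $params[1], 2 ); if ( count( $throttleRate ) !== 2 ) { return 'abusefilter-edit-invalid-throttleperiod'; }` (that key is the one the tests already use for a malformed period; use whichever message the later checks return for a missing one). The same pattern appears in the AbuseFilterViewEdit hunk below, where a stored parameter without a comma would trigger the same notice while rendering the form. checkThrottleParameters continues past the end of this hunk, so I cannot see whether a null period is rejected there.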


@ -527,12 +527,9 @@ class AbuseFilterViewEdit extends AbuseFilterView {
$throttleFields = [];
if ( $set ) {
array_shift( $parameters );
$throttleRate = explode( ',', $parameters[0] );
$throttleCount = $throttleRate[0];
$throttlePeriod = $throttleRate[1];
list( $throttleCount, $throttlePeriod ) = explode( ',', $parameters[1], 2 );
$throttleGroups = array_slice( $parameters, 1 );
$throttleGroups = array_slice( $parameters, 2 );
} else {
$throttleCount = 3;
$throttlePeriod = 60;


@ -61,8 +61,7 @@ class AddMissingLoggingEntries extends Maintenance {
foreach ( $logResult as $row ) {
// id . '\n' . filter
$params = explode( "\n", $row->log_params );
// id
$params = explode( "\n", $row->log_params, 2 );
$afhId = $params[0];
// Forget this row had any issues - it just has a different timestamp in the log
unset( $afhRows[$afhId] );
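Review bot: If `// id` is the new comment replacing `// id . '\n' . filter`, it drops the description of how log_params is laid out, which is exactly what justifies the limit of 2 on the following explode() call. I would keep the format and state the intent, e.g. `// log_params is id . "\n" . filter; only the id is needed, so stop splitting after the first newline`. The enclosing foreach continues past the end of this hunk.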


@ -664,6 +664,7 @@ class AbuseFilterSaveTest extends MediaWikiTestCase {
[ [ '1', '-3,23', 'user', 'ip' ], 'abusefilter-edit-invalid-throttlecount' ],
[ [ '1', '5,2.3', 'user', 'ip' ], 'abusefilter-edit-invalid-throttleperiod' ],
[ [ '1', '4,-14', 'user', 'ip' ], 'abusefilter-edit-invalid-throttleperiod' ],
[ [ '1', '3,33,44', 'user', 'ip' ], 'abusefilter-edit-invalid-throttleperiod' ],
[ [ '1', '3,33' ], 'abusefilter-edit-empty-throttlegroups' ],
[ [ '1', '3,33', 'user', 'ip,foo,user' ], 'abusefilter-edit-invalid-throttlegroups' ],
[ [ '1', '3,33', 'foo', 'ip,user' ], 'abusefilter-edit-invalid-throttlegroups' ],
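Review bot: The added `'3,33,44'` case pins the surplus-comma path, but there is still no case for a rate with no comma at all, e.g. `[ [ '1', '3', 'user', 'ip' ], 'abusefilter-edit-invalid-throttleperiod' ],` with whichever message the validator is meant to return for a missing period. With `explode( ',', $params[1], 2 )` that input yields a single-element array, so `list()` would assign null to the period and emit a notice, which under the test runner's error handler presumably surfaces as a failure rather than the expected message. A dedicated case would make that behaviour visible instead of leaving it to the later range checks.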