SECURITY: Catch MalformedTitleException from vector-intro-page

CVE-2023- If the vector-intro-page message doesn’t parse as a valid title, skip customizing the menu entry label instead of crashing. (Optionally, this could maybe log a warning or something later.) Bug: T340220 Change-Id: I2769c1f3115898bbe697ebe9c9c0eaf0ddc0d251
2024-09-23 10:21:40 +00:00 · 2023-06-28 16:20:06 +02:00 · 2023-06-28 16:20:06 +02:00 · e42ed9b30b
parent 1a172418b5
commit e42ed9b30b
1 changed files with 13 additions and 9 deletions
--- a/includes/SkinVector.php
+++ b/includes/SkinVector.php
@ -269,16 +269,20 @@ abstract class SkinVector extends SkinMustache {
 		$templateName = $isTempUser ? 'UserLinks__templogin' : 'UserLinks__login';

 		if ( !$isTempUser && $includeLearnMoreLink ) {
-			$learnMoreLinkData = [
-				'text' => $this->msg( 'vector-anon-user-menu-pages-learn' )->text(),
-				'href' => Title::newFromText( $this->msg( 'vector-intro-page' )->text() )->getLocalURL(),
-				'aria-label' => $this->msg( 'vector-anon-user-menu-pages-label' )->text(),
-			];
+			try {
+				$learnMoreLinkData = [
+					'text' => $this->msg( 'vector-anon-user-menu-pages-learn' )->text(),
+					'href' => Title::newFromText( $this->msg( 'vector-intro-page' )->text() )->getLocalURL(),
+					'aria-label' => $this->msg( 'vector-anon-user-menu-pages-label' )->text(),
+				];

-			$templateData['data-anon-editor'] = [
-				'htmlLearnMoreLink' => $this->makeLink( '', $learnMoreLinkData ),
-				'msgLearnMore' => $this->msg( 'vector-anon-user-menu-pages' )
-			];
+				$templateData['data-anon-editor'] = [
+					'htmlLearnMoreLink' => $this->makeLink( '', $learnMoreLinkData ),
+					'msgLearnMore' => $this->msg( 'vector-anon-user-menu-pages' )
+				];
+			} catch ( MalformedTitleException $e ) {
+				// ignore (T340220)
+			}
 		}

 		return $templateParser->processTemplate( $templateName, $templateData );