diff options
Diffstat (limited to 'www/wiki/extensions/Translate/utils/TranslateYaml.php')
| -rw-r--r-- | www/wiki/extensions/Translate/utils/TranslateYaml.php | 71 |
1 files changed, 37 insertions, 34 deletions
diff --git a/www/wiki/extensions/Translate/utils/TranslateYaml.php b/www/wiki/extensions/Translate/utils/TranslateYaml.php index 96b275be..699676a9 100644 --- a/www/wiki/extensions/Translate/utils/TranslateYaml.php +++ b/www/wiki/extensions/Translate/utils/TranslateYaml.php @@ -6,7 +6,7 @@ * @author Ævar Arnfjörð Bjarmason * @author Niklas Laxström * @copyright Copyright © 2009-2013, Niklas Laxström, Ævar Arnfjörð Bjarmason - * @license GPL-2.0+ + * @license GPL-2.0-or-later */ /** @@ -15,27 +15,7 @@ */ class TranslateYaml { /** - * @deprecated in 2014.01 - */ - public static function parseGroupFile( $filename ) { - $data = file_get_contents( $filename ); - wfDeprecated( 'Use MessageGroupConfigurationParser' ); - $parser = new MessageGroupConfigurationParser(); - - return $parser->getHopefullyValidConfigurations( $data ); - } - - /** - * @deprecated in 2014.01 - */ - public static function mergeTemplate( $base, $specific ) { - wfDeprecated( 'Use MessageGroupConfigurationParser' ); - - return MessageGroupConfigurationParser::mergeTemplate( $base, $specific ); - } - - /** - * @param $text string + * @param string $text * @return array * @throws MWException */ @@ -44,19 +24,23 @@ class TranslateYaml { switch ( $wgTranslateYamlLibrary ) { case 'phpyaml': - $ret = yaml_parse( $text ); + // Harden: do not support unserializing objects. + // Method 1: PHP ini setting (not supported by HHVM) + // Method 2: Callback handler for !php/object + $previousValue = ini_set( 'yaml.decode_php', false ); + $ignored = 0; + $callback = function ( $value ) { + return $value; + }; + $ret = yaml_parse( $text, 0, $ignored, [ '!php/object' => $callback ] ); + ini_set( 'yaml.decode_php', $previousValue ); if ( $ret === false ) { // Convert failures to exceptions throw new InvalidArgumentException( 'Invalid Yaml string' ); } return $ret; - case 'spyc': - // Load the bundled version if not otherwise available - if ( !class_exists( 'Spyc' ) ) { - require_once __DIR__ . '/../libs/spyc/spyc.php'; - } $yaml = spyc_load( $text ); return self::fixSpycSpaces( $yaml ); @@ -70,7 +54,7 @@ class TranslateYaml { } /** - * @param $yaml array + * @param array &$yaml * @return array */ public static function fixSyckBooleans( &$yaml ) { @@ -86,7 +70,7 @@ class TranslateYaml { } /** - * @param $yaml array + * @param array &$yaml * @return array */ public static function fixSpycSpaces( &$yaml ) { @@ -112,11 +96,8 @@ class TranslateYaml { switch ( $wgTranslateYamlLibrary ) { case 'phpyaml': - return yaml_emit( $text, YAML_UTF8_ENCODING ); - + return self::phpyamlDump( $text ); case 'spyc': - require_once __DIR__ . '/../libs/spyc/spyc.php'; - return Spyc::YAMLDump( $text ); case 'syck': return self::syckDump( $text ); @@ -125,6 +106,28 @@ class TranslateYaml { } } + protected static function phpyamlDump( $data ) { + if ( !is_array( $data ) ) { + return yaml_emit( $data, YAML_UTF8_ENCODING ); + } + + // Fix decimal-less floats strings such as "2." + // https://bugs.php.net/bug.php?id=76309 + $random = MWCryptRand::generateHex( 8 ); + // Ensure our random does not look like a number + $random = "X$random"; + $mangler = function ( &$item ) use ( $random ) { + if ( preg_match( '/^[0-9]+\.$/', $item ) ) { + $item = "$random$item$random"; + } + }; + + array_walk_recursive( $data, $mangler ); + $yaml = yaml_emit( $data, YAML_UTF8_ENCODING ); + $yaml = str_replace( $random, '"', $yaml ); + return $yaml; + } + protected static function syckLoad( $data ) { # Make temporary file $td = wfTempDir(); |