Error202
/
yii2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Fix #18913: Add filename validation for `MessageSource::getMessageFilePath()` 

Co-authored-by: Alexander Makarov <sam@rmcreative.ru>
tags/2.0.44
Oleg Poludnenko 3 years ago committed by GitHub
parent
435b6dc732
commit
01b6b2a5d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      framework/CHANGELOG.md
  2. 5
      framework/i18n/GettextMessageSource.php
  3. 5
      framework/i18n/PhpMessageSource.php

1
framework/CHANGELOG.md
Unescape View File

@ -22,6 +22,7 @@ Yii Framework 2 Change Log
- Enh #18899: Replace usages of `strpos` with `strncmp` and remove redundant usage of `array_merge` and `array_values` (AlexGx)
- Bug #18898: Fix `yii\helpers\Inflector::camel2words()` to work with words ending with 0 (michaelarnauts)
- Enh #18904: Improve Captcha client-side validation (hexkir)
- Bug #18913: Add filename validation for `MessageSource::getMessageFilePath()` (uaoleg)
2.0.43 August 09, 2021

5
framework/i18n/GettextMessageSource.php
Unescape View File

@ -8,6 +8,7 @@
namespace yii\i18n;
use Yii;
use yii\base\InvalidArgumentException;
/**
* GettextMessageSource represents a message source that is based on GNU Gettext.
@ -129,6 +130,10 @@ class GettextMessageSource extends MessageSource
*/
protected function getMessageFilePath($language)
{
$language = (string) $language;
if ($language !== '' && !preg_match('/^[a-z_-]+$/i', $language)) {
throw new InvalidArgumentException(sprintf('Invalid language code: "%s".', $language));
}
$messageFile = Yii::getAlias($this->basePath) . '/' . $language . '/' . $this->catalog;
if ($this->useMoFile) {
$messageFile .= self::MO_FILE_EXT;

5
framework/i18n/PhpMessageSource.php
Unescape View File

@ -8,6 +8,7 @@
namespace yii\i18n;
use Yii;
use yii\base\InvalidArgumentException;
/**
* PhpMessageSource represents a message source that stores translated messages in PHP scripts.
@ -132,6 +133,10 @@ class PhpMessageSource extends MessageSource
*/
protected function getMessageFilePath($category, $language)
{
$language = (string) $language;
if ($language !== '' && !preg_match('/^[a-z_-]+$/i', $language)) {
throw new InvalidArgumentException(sprintf('Invalid language code: "%s".', $language));
}
$messageFile = Yii::getAlias($this->basePath) . "/$language/";
if (isset($this->fileMap[$category])) {
$messageFile .= $this->fileMap[$category];

Write Preview
Loading…
Cancel
Save