diff options
Diffstat (limited to 'MLEB/Translate/utils/TranslateYaml.php')
| -rw-r--r-- | MLEB/Translate/utils/TranslateYaml.php | 81 |
1 files changed, 42 insertions, 39 deletions
diff --git a/MLEB/Translate/utils/TranslateYaml.php b/MLEB/Translate/utils/TranslateYaml.php index 2677cb0a..699676a9 100644 --- a/MLEB/Translate/utils/TranslateYaml.php +++ b/MLEB/Translate/utils/TranslateYaml.php @@ -6,7 +6,7 @@ * @author Ævar Arnfjörð Bjarmason * @author Niklas Laxström * @copyright Copyright © 2009-2013, Niklas Laxström, Ævar Arnfjörð Bjarmason - * @license GPL-2.0+ + * @license GPL-2.0-or-later */ /** @@ -15,27 +15,7 @@ */ class TranslateYaml { /** - * @deprecated in 2014.01 - */ - public static function parseGroupFile( $filename ) { - $data = file_get_contents( $filename ); - wfDeprecated( 'Use MessageGroupConfigurationParser' ); - $parser = new MessageGroupConfigurationParser(); - - return $parser->getHopefullyValidConfigurations( $data ); - } - - /** - * @deprecated in 2014.01 - */ - public static function mergeTemplate( $base, $specific ) { - wfDeprecated( 'Use MessageGroupConfigurationParser' ); - - return MessageGroupConfigurationParser::mergeTemplate( $base, $specific ); - } - - /** - * @param $text string + * @param string $text * @return array * @throws MWException */ @@ -44,19 +24,23 @@ class TranslateYaml { switch ( $wgTranslateYamlLibrary ) { case 'phpyaml': - $ret = yaml_parse( $text ); + // Harden: do not support unserializing objects. + // Method 1: PHP ini setting (not supported by HHVM) + // Method 2: Callback handler for !php/object + $previousValue = ini_set( 'yaml.decode_php', false ); + $ignored = 0; + $callback = function ( $value ) { + return $value; + }; + $ret = yaml_parse( $text, 0, $ignored, [ '!php/object' => $callback ] ); + ini_set( 'yaml.decode_php', $previousValue ); if ( $ret === false ) { // Convert failures to exceptions - throw new InvalidArgumentException( "Invalid Yaml string" ); + throw new InvalidArgumentException( 'Invalid Yaml string' ); } return $ret; - case 'spyc': - // Load the bundled version if not otherwise available - if ( !class_exists( 'Spyc' ) ) { - require_once __DIR__ . '/../libs/spyc/spyc.php'; - } $yaml = spyc_load( $text ); return self::fixSpycSpaces( $yaml ); @@ -65,12 +49,12 @@ class TranslateYaml { return self::fixSyckBooleans( $yaml ); default: - throw new MWException( "Unknown Yaml library" ); + throw new MWException( 'Unknown Yaml library' ); } } /** - * @param $yaml array + * @param array &$yaml * @return array */ public static function fixSyckBooleans( &$yaml ) { @@ -86,7 +70,7 @@ class TranslateYaml { } /** - * @param $yaml array + * @param array &$yaml * @return array */ public static function fixSpycSpaces( &$yaml ) { @@ -112,17 +96,36 @@ class TranslateYaml { switch ( $wgTranslateYamlLibrary ) { case 'phpyaml': - return yaml_emit( $text, YAML_UTF8_ENCODING ); - + return self::phpyamlDump( $text ); case 'spyc': - require_once __DIR__ . '/../libs/spyc/spyc.php'; - return Spyc::YAMLDump( $text ); case 'syck': return self::syckDump( $text ); default: - throw new MWException( "Unknown Yaml library" ); + throw new MWException( 'Unknown Yaml library' ); + } + } + + protected static function phpyamlDump( $data ) { + if ( !is_array( $data ) ) { + return yaml_emit( $data, YAML_UTF8_ENCODING ); } + + // Fix decimal-less floats strings such as "2." + // https://bugs.php.net/bug.php?id=76309 + $random = MWCryptRand::generateHex( 8 ); + // Ensure our random does not look like a number + $random = "X$random"; + $mangler = function ( &$item ) use ( $random ) { + if ( preg_match( '/^[0-9]+\.$/', $item ) ) { + $item = "$random$item$random"; + } + }; + + array_walk_recursive( $data, $mangler ); + $yaml = yaml_emit( $data, YAML_UTF8_ENCODING ); + $yaml = str_replace( $random, '"', $yaml ); + return $yaml; } protected static function syckLoad( $data ) { @@ -143,7 +146,7 @@ class TranslateYaml { $out = wfShellExec( $cmd, $ret ); - if ( $ret != 0 ) { + if ( (int)$ret !== 0 ) { throw new MWException( "The command '$cmd' died in execution with exit code '$ret': $out" ); } @@ -186,7 +189,7 @@ class TranslateYaml { '}' . "' 2>&1"; $out = wfShellExec( $cmd, $ret ); - if ( $ret != 0 ) { + if ( (int)$ret !== 0 ) { throw new MWException( "The command '$cmd' died in execution with exit code '$ret': $out" ); } |