wikimedia/mediawiki-extensions-AbuseFilter
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git synced 2024-09-24 10:48:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure the specified filter is valid in ViewHistory

Browse source 
We do not validate the param, and instead only check if it was
specified. In the specific case of ViewHistory, specifying as "filter"
something invalid for a title (e.g. with a + inside) will throw an
exception, seen in production.

Change-Id: I636b4e56f39282593c737ace1d6ff2d90900d997
This commit is contained in:
Daimona Eaytoy 2019-01-29 19:58:59 +01:00
parent f4f43d1ab6
commit 196a3ba7d5
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
includes/Views/AbuseFilterViewHistory.php
View file

@ -17,6 +17,8 @@ class AbuseFilterViewHistory extends AbuseFilterView {
$out = $this->getOutput();
$out->enableOOUI();
$filter = $this->getRequest()->getText( 'filter' ) ?: $this->mFilter;
// Ensure the parameter is a valid filter ID
$filter = preg_match( '/^[1-9][0-9]*$/', (string)$filter ) === 0 ? null : (int)$filter;
if ( $filter ) {
$out->setPageTitle( $this->msg( 'abusefilter-history' )->numParams( $filter ) );