wikimedia/mediawiki-extensions-ConfirmEdit
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit synced 2024-11-24 00:04:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Avoid double-escaping html tag contents

Browse source 
* Avoid double-escaping the captcha-edit-fail message
via both Html::element and RawMessage.

* Also add suppress comment due to overall taint of
RawMessage.

Bug: T293818
Change-Id: I6b985266a26f6b152bca05a91f6054ed1a5f2a5a
(cherry picked from commit 1493c928c2)
This commit is contained in:
sbassett 2021-10-25 10:19:07 -05:00 committed by SBassett
parent d0995dcef7
commit f1ba778dc9
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
SimpleCaptcha/SimpleCaptcha.php
View file

@ -876,8 +876,10 @@ class SimpleCaptcha {
// for the user, which we don't know, when he did it. // for the user, which we don't know, when he did it.
if ( $this->action === 'edit' ) { if ( $this->action === 'edit' ) {
$status->fatal( $status->fatal(
// T293818 - only worried about $content here
// @phan-suppress-next-line SecurityCheck-DoubleEscaped
new RawMessage( new RawMessage(
Html::element( Html::rawElement(
'div', 'div',
[ 'class' => 'errorbox' ], [ 'class' => 'errorbox' ],
$context->msg( 'captcha-edit-fail' )->text() $context->msg( 'captcha-edit-fail' )->text()