mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/ImageMap
synced 2024-11-27 15:40:03 +00:00
Do not use raw html i18n messages for errors.
The i18n Error messages should be properly escaped. This is not an XSS as the none of the parameters to the error message were user controlled (outside of MW namespace) This fixes the outstanding errors from phan-taint-check Change-Id: I0b4d6b5eb3e210a131937e65268091ec83f0b434
This commit is contained in:
parent
613872b9ca
commit
b5a5613a3a
|
@ -401,6 +401,6 @@ class ImageMap {
|
|||
* @return string HTML
|
||||
*/
|
||||
static function error( $name, $line = false ) {
|
||||
return '<p class="error">' . wfMessage( $name, $line )->text() . '</p>';
|
||||
return '<p class="error">' . wfMessage( $name, $line )->parse() . '</p>';
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue