wikimedia/mediawiki-extensions-Interwiki
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Interwiki synced 2024-11-14 18:15:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

(bug 30598) Escape html when displaying url in Log

Browse source 
Add htmlspecialchars escaping to the Interwiki url when displaying in the
logs. Fixes a potential xss.

Change-Id: I3cdf8a4f6c1b1f66a4229c8d9d00c1fc12506dd6
This commit is contained in:
csteipp 2012-04-27 16:24:48 -07:00
parent 38d7cbb5ec
commit 377a2ba09c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Interwiki_body.php
View file

@ -338,7 +338,7 @@ class InterwikiLogFormatter extends LogFormatter {
protected function getMessageParameters() {
$params = parent::getMessageParameters();
if ( isset( $params[4] ) ) {
$params[4] = Message::rawParam( $params[4] );
$params[4] = Message::rawParam( htmlspecialchars( $params[4] ) );
}
return $params;
}