Properly escape messages passed to HTMLForm

The messages in 'options' need to be HTML escaped.

Spotted by the phan-taint-check plugin.

Change-Id: I1e207e5ca644551ae56cdd484f5f29267b6d764f
Kunal Mehta 2018-05-20 13:41:33 -07:00
parent ce7cb2c336
commit 87fac42511


@ -50,9 +50,9 @@ class PopupsHooks {
'label-message' => 'popups-prefs-optin-title',
'help-message' => 'popups-prefs-conflicting-gadgets-info',
'options' => [
wfMessage( 'popups-prefs-optin-enabled-label' )->text()
wfMessage( 'popups-prefs-optin-enabled-label' )->escaped()
=> PopupsContext::PREVIEWS_ENABLED,
wfMessage( 'popups-prefs-optin-disabled-label' )->text()
wfMessage( 'popups-prefs-optin-disabled-label' )->escaped()
=> PopupsContext::PREVIEWS_DISABLED
],
'section' => self::PREVIEWS_PREFERENCES_SECTION
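Review bot: Nothing in the new `'options'` array says why its keys are `->escaped()`, so a later cleanup could switch them back to `->text()` and reintroduce the unescaped output. A one-line comment above `'options' => [` would pin the intent, for example `// HTMLForm emits these option labels as raw HTML, so each label must be escaped here`. The field's `'type'` lies outside this hunk; escaping at this point is right only where HTMLForm outputs the labels as raw HTML, and a field type that escapes labels itself would show them double-escaped, so confirm which applies. Passing message keys through `'options-messages'` instead would keep message handling inside HTMLForm, provided that path escapes labels in the MediaWiki versions this extension supports.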