wikimedia/mediawiki-extensions-Popups
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Popups synced 2024-11-14 19:25:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Properly escape messages passed to HTMLForm

Browse source 
THe messages in 'options' need to be HTML escaped.

Spotted by the phan-taint-check plugin.

Change-Id: I1e207e5ca644551ae56cdd484f5f29267b6d764f
This commit is contained in:
Kunal Mehta 2018-05-20 13:41:33 -07:00
parent ce7cb2c336
commit 87fac42511
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
includes/PopupsHooks.php
View file

@ -50,9 +50,9 @@ class PopupsHooks {
'label-message' => 'popups-prefs-optin-title', 'label-message' => 'popups-prefs-optin-title',
'help-message' => 'popups-prefs-conflicting-gadgets-info', 'help-message' => 'popups-prefs-conflicting-gadgets-info',
'options' => [ 'options' => [
wfMessage( 'popups-prefs-optin-enabled-label' )->text() wfMessage( 'popups-prefs-optin-enabled-label' )->escaped()
=> PopupsContext::PREVIEWS_ENABLED, => PopupsContext::PREVIEWS_ENABLED,
wfMessage( 'popups-prefs-optin-disabled-label' )->text() wfMessage( 'popups-prefs-optin-disabled-label' )->escaped()
=> PopupsContext::PREVIEWS_DISABLED => PopupsContext::PREVIEWS_DISABLED
], ],
'section' => self::PREVIEWS_PREFERENCES_SECTION 'section' => self::PREVIEWS_PREFERENCES_SECTION