Page MenuHomePhabricator
Create Task
Maniphest T101308

Ex:WikidataQualityConstraints - EntityId::getSerialization() is not guaranteed to be safe for HTML
Closed, ResolvedPublic
Actions

Description

In SpecialConstraintReport::buildResultHeader(), $entityId->getSerialization() needs to be escaped before adding to html

Related Objects
Search...

Event Timeline

csteipp created this task.Jun 3 2015, 8:48 PM
csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added projects: Wikidata, Wikibase-Quality-Constraints, deprecated-security-team-reviews.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo and 4 others.
csteipp mentioned this in T99355: Security review of Wikibase-Quality-Constraints - v1 branch.Jun 3 2015, 8:52 PM
csteipp removed a project: deprecated-security-team-reviews.Jun 4 2015, 11:58 PM
csteipp set Security to None.
soeren.oldag closed this task as Resolved.Jun 5 2015, 9:34 AM
soeren.oldag assigned this task to dominic.sauer.
soeren.oldag subscribed.Jun 5 2015, 12:30 PM

Gerrit-Change: https://gerrit.wikimedia.org/r/#/c/216047/

csteipp reopened this task as Open.Jun 5 2015, 5:12 PM

See my comment on the gerrit patch

gerritbot subscribed.Jun 6 2015, 9:03 AM

Change 216405 had a related patch set uploaded (by Soeren.oldag):
Serialization of entity ids is now escaped correctly.

https://gerrit.wikimedia.org/r/216405

gerritbot added a project: Patch-For-Review.Jun 6 2015, 9:03 AM
gerritbot added a comment.Jun 8 2015, 8:33 AM

Change 216405 merged by Jonaskeutel:
Serialization of entity ids is now escaped correctly.

https://gerrit.wikimedia.org/r/216405

Lydia_Pintscher moved this task from incoming to ready to go on the Wikidata board.Jun 10 2015, 6:36 AM
Lydia_Pintscher triaged this task as High priority.Jun 12 2015, 1:15 PM
csteipp closed this task as Resolved.Jun 12 2015, 4:36 PM

Fix looks correct

Liuxinyu970226 unsubscribed.Jun 12 2015, 11:34 PM
Aklapper removed a subscriber: Wikibase-Quality-Constraints.May 16 2023, 10:25 AM
Maintenance_bot removed a project: Patch-For-Review.May 16 2023, 10:35 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL