Authored By
csteipp
Jun 22 2015, 8:05 PM

T103391.patch

From 71a96739a9fd89cfbd77093132a7e8d564482733 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Mon, 22 Jun 2015 13:04:14 -0700
Subject: [PATCH] SECURITY: Fix multiple xss
Bug: T103391
---
includes/SF_PageSection.php | 8 +++-----
specials/SF_FormEdit.php | 10 +++++++++-
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/includes/SF_PageSection.php b/includes/SF_PageSection.php
index 0e02e72..c610c17 100644
--- a/includes/SF_PageSection.php
+++ b/includes/SF_PageSection.php
@@ -60,12 +60,10 @@ class SFPageSection {
$section_level = $this->mSectionLevel;
$section_str = wfMessage( 'sf_createform_pagesection' )->text() . " '" . $section_name . "'";
- $text = <<<END
- <input type="hidden" name="section_$section_count" value="$section_name">
- <div class="sectionForm">
- <h2>$section_str</h2>
+ $text = Html::hidden( "section_$section_count", $section_name );
+ $text .= '<div class="sectionForm">';
+ $text .= Html::element( 'h2', array(), $section_str );
-END;
foreach ( $wgRequest->getValues() as $key => $value ) {
if ( ( $pos = strpos( $key, '_section_'.$section_count ) ) != false ) {
$paramName = substr( $key, 0, $pos );
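Review bot: The `<div class="sectionForm">` opener is still hand-written markup while the two lines around it now go through `Html::hidden` and `Html::element`; for consistency (and so a later edit that adds a dynamic attribute does not reintroduce an unescaped value) use the same builder: `$text .= Html::openElement( 'div', array( 'class' => 'sectionForm' ) );`. The context line `if ( ( $pos = strpos( $key, '_section_'.$section_count ) ) != false )` compares the offset loosely, so a key whose match sits at offset 0 is skipped and the key prefix `_section_1` also matches `_section_10`; this looks pre-existing rather than introduced here, but `!== false` would make the intent explicit. The enclosing method continues past the end of the hunk.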
diff --git a/specials/SF_FormEdit.php b/specials/SF_FormEdit.php
index d387f3b..5c5a9e0 100644
--- a/specials/SF_FormEdit.php
+++ b/specials/SF_FormEdit.php
@@ -52,7 +52,15 @@ class SFFormEdit extends UnlistedSpecialPage {
if ( $i++ > 0 ) {
$text .= ', ';
}
- $text .= "<a href=\"$fe_url/$alt_form/$target_name\">" . str_replace( '_', ' ', $alt_form ) . '</a>';
+ $text .= Html::element(
+ 'a',
+ array(
+ 'href' => $fe_url . '/'
+ . rawurlencode( $alt_form ) . '/'
+ . rawurlencode( $target_name )
+ ),
+ str_replace( '_', ' ', $alt_form )
+ );
}
return $text;
}
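Review bot: The rewritten link passes `$fe_url` into the href without any encoding while the two path segments after it are `rawurlencode`d; `Html::element` escapes the whole attribute value for HTML, so that is safe for the attribute context, but nothing in the hunk shows where `$fe_url` comes from or that it is already a valid URL prefix, and the function's opening lines are outside the hunk. A short comment would spare the next reader the same check: `// $fe_url is a fixed base URL; only the title components are URL-encoded, Html::element handles attribute escaping`. Note also that `rawurlencode` encodes `/` and `:` as well, so namespaced or subpage titles produce `%3A`/`%2F` in the path; that is presumably fine if the target route decodes the segment, but worth confirming against the handler that parses `$target_name`.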
--
1.8.4.5
