Page MenuHomePhabricator
Authored By
sbassett
Mar 5 2020, 10:55 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T236509.patch

From b30858d19a438d4855169b995de6414b45d3ff83 Mon Sep 17 00:00:00 2001
From: sbassett <sbassett@wikimedia.org>
Date: Thu, 5 Mar 2020 16:50:30 -0600
Subject: [PATCH] SECURITY: Mitigate potential XSS within UserGroupMembership
UserGroupMembership::getLink() can render an XSS if the
group-membership-link-with-expiry message is altered to include
executable JavaScript. This function is called within a few
portions of Mediawiki core and extension code, including within
the Special:UserRights page.
Bug: T236509
---
includes/user/UserGroupMembership.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/user/UserGroupMembership.php b/includes/user/UserGroupMembership.php
index 4da7125931..bdb5018ee4 100644
--- a/includes/user/UserGroupMembership.php
+++ b/includes/user/UserGroupMembership.php
@@ -420,7 +420,7 @@ class UserGroupMembership {
$groupLink = Message::rawParam( $groupLink );
}
return $context->msg( 'group-membership-link-with-expiry' )
- ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->text();
+ ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->parse();
}
return $groupLink;
}
--
2.22.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8343505
Default Alt Text
T236509.patch (1 KB)

Event Timeline