Authored By
ashley
Oct 25 2020, 10:44 AM
xss.patch

diff --git a/extension.json b/extension.json
index 457616c..b330c0c 100644
--- a/extension.json
+++ b/extension.json
@@ -1,6 +1,6 @@
{
"name": "RandomGameUnit",
- "version": "2.7.0",
+ "version": "2.8.0",
"author": [
"Aaron Wright",
"David Pean",
diff --git a/includes/RandomGameUnit.php b/includes/RandomGameUnit.php
index 7695d73..de14bad 100644
--- a/includes/RandomGameUnit.php
+++ b/includes/RandomGameUnit.php
@@ -171,7 +171,7 @@ class RandomGameUnit {
$poll_link = Title::makeTitle( $ns, $poll['title'] );
$output = '<div class="game-unit-container">
<h2>' . wfMessage( 'game-unit-poll-title' )->escaped() . '</h2>
- <div class="poll-unit-title">' . $poll_link->getText() . '</div>';
+ <div class="poll-unit-title">' . htmlspecialchars( $poll_link->getText(), ENT_QUOTES ) . '</div>';
if ( $poll['image'] ) {
$poll_image_width = $wgRandomImageSize;
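Review bot: The new escape on the `poll-unit-title` line passes `ENT_QUOTES` alone, which drops `ENT_SUBSTITUTE`, so if the title text ever contains an invalid UTF-8 sequence `htmlspecialchars()` returns an empty string and the heading silently disappears; Title text should already be valid UTF-8 in MediaWiki, so this is a robustness gap rather than a security one. The idiom in MediaWiki code is to let the HTML builder do the escaping, e.g. `Html::element( 'div', [ 'class' => 'poll-unit-title' ], $poll_link->getText() )`, which also keeps the flags consistent with the bare `htmlspecialchars()` calls used for the URLs elsewhere in this patch. The enclosing method begins above the hunk.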
@@ -193,7 +193,7 @@ class RandomGameUnit {
foreach ( $poll['choices'] as $choice ) {
$output .= '<a href="' . htmlspecialchars( $poll_link->getFullURL() ) . '" rel="nofollow">
<input id="poll_choice" type="radio" value="10" name="poll_choice" onclick="location.href=\'' .
- htmlspecialchars( $poll_link->getFullURL() ) . '\'" /> ' . $choice['choice'] .
+ htmlspecialchars( $poll_link->getFullURL() ) . '\'" /> ' . htmlspecialchars( $choice['choice'], ENT_QUOTES ) .
'</a>';
}
$output .= '</div>
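Review bot: Escaping `$choice['choice']` closes the text-node hole, but the `onclick="location.href='…'"` two lines above drops a URL into a JavaScript string context, and `htmlspecialchars()` with its default flags (ENT_COMPAT on PHP before 8.1, the versions this 2020 patch targets) does not escape `'`; MediaWiki's URL encoding should percent-encode any quote in the title, so I read this as defence in depth rather than a live bug. Since the radio is already wrapped in an `<a href>` to the same URL, the inline handler is redundant and will also break under any future Content-Security-Policy, so I would simply delete the `onclick="…"` attribute rather than add another escaping layer. Separately, `id="poll_choice"` is emitted once per loop iteration, producing duplicate ids in the page; a `class="poll_choice"` would be valid HTML. The enclosing method begins above and continues below the hunk.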
@@ -208,7 +208,7 @@ class RandomGameUnit {
$quiz_title = SpecialPage::getTitleFor( 'QuizGameHome' );
$output = '<div class="game-unit-container">
<h2>' . wfMessage( 'game-unit-quiz-title' )->escaped() . '</h2>
- <div class="quiz-unit-title"><a href="' . htmlspecialchars( $quiz_title->getFullURL( "questionGameAction=renderPermalink&permalinkID={$quiz['id']}" ) ) . '" rel="nofollow">' . $quiz['text'] . '</a></div>';
+ <div class="quiz-unit-title"><a href="' . htmlspecialchars( $quiz_title->getFullURL( "questionGameAction=renderPermalink&permalinkID={$quiz['id']}" ) ) . '" rel="nofollow">' . htmlspecialchars( $quiz['text'], ENT_QUOTES ) . '</a></div>';
if ( $quiz['image'] ) {
$quiz_image_width = $wgRandomImageSize;
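Review bot: `$quiz['id']` is interpolated straight into the query string `"questionGameAction=renderPermalink&permalinkID={$quiz['id']}"` with no cast or encoding; the outer `htmlspecialchars()` makes the result safe as an HTML attribute, but anything other than an integer in that field would let extra parameters into the permalink URL. Presumably the id comes from the database as an integer, but the cheap, self-documenting fix is to let `Title::getFullURL()` encode it: `$quiz_title->getFullURL( [ 'questionGameAction' => 'renderPermalink', 'permalinkID' => (int)$quiz['id'] ] )`. The enclosing method begins above the hunk.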
@@ -279,7 +279,7 @@ class RandomGameUnit {
$output = '<div class="game-unit-container">
<h2>' . wfMessage( 'game-unit-picturegame-title' )->escaped() . '</h2>
- <div class="pg-unit-title">' . $title_text . '</div>
+ <div class="pg-unit-title">' . htmlspecialchars( $title_text, ENT_QUOTES ) . '</div>
<div class="pg-unit-pictures">
<div onmouseout="this.style.backgroundColor = \'\'" onmouseover="this.style.backgroundColor = \'#4B9AF6\'">
<a href="' . htmlspecialchars( $pic_game_link->getFullURL( 'picGameAction=renderPermalink&id=' . $picturegame['id'] . '&voteID=' . $picturegame['id'] . '&key=' . $key ) ) . '">' . $imgOne . '</a>
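Review bot: `$title_text` is now escaped, but on the last line of the hunk `$imgOne` is still concatenated raw and the query string is built as `'&id=' . $picturegame['id'] . '&voteID=' . $picturegame['id'] . '&key=' . $key` without encoding any of the values; `$imgOne`, `$key` and `$title_text` are all assigned above the hunk, so I cannot tell from here whether `$imgOne` is pre-escaped `<img>` markup or a bare file name, and that should be checked before this is called done. The query would be safer and clearer as `$pic_game_link->getFullURL( [ 'picGameAction' => 'renderPermalink', 'id' => (int)$picturegame['id'], 'voteID' => (int)$picturegame['id'], 'key' => $key ] )`, which percent-encodes `$key` whatever it contains. Note also that `id` and `voteID` are both fed the same `$picturegame['id']`; if `voteID` is meant to carry something else, that looks like a latent bug worth a second look. The enclosing method begins above and continues below the hunk.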
