T281595.patch

From 2f251a772ae732353032bbd640da3dfae924b238 Mon Sep 17 00:00:00 2001
From: mainframe98 <k.s.werf@hotmail.com>
Date: Fri, 30 Apr 2021 20:26:15 +0200
Subject: [PATCH] SECURITY: Fix XSS vulnerability in EditPage and
ProtectionForm
The documentation of OutputPage::wrapWikiMsg says it is
equivalent to OutputPage::addWikitextAsInterface called
with wfMessage()->plain(). This is correct, because the text is parsed
inside addWikitextAsInterface. When the result is passed to addHtml instead, no
parsing/escaping is done automatically.
Follow-up to I83f2828bcde160c98a1d97e783a869e64fb4c6ea.
Bug: T281595
Change-Id: Ia6c7a7447e5cea903be9f5d9e76320ea56fedd4c
---
includes/EditPage.php | 2 +-
includes/ProtectionForm.php | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/EditPage.php b/includes/EditPage.php
index f74f3ba61e..e1a7f18e79 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -2966,7 +2966,7 @@ class EditPage implements IEditObject {
if ( $this->wasDeletedSinceLastEdit() && $this->formtype !== 'save' ) {
$out->addHTML( Html::errorBox(
- $out->msg( 'deletedwhileediting' )->plain(),
+ $out->msg( 'deletedwhileediting' )->parse(),
'',
'mw-deleted-while-editing'
) );
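Review bot: The switch to `->parse()` closes the escaping gap, but nothing at the call site records why `->plain()` is wrong here, so the same pattern is easy to reintroduce in a later edit; a one-line comment above the `Html::errorBox(` call such as `// addHTML() performs no escaping: the message must be rendered to HTML (parse()) before it is passed in` would make the contract visible. Note that `parse()` also expands any wikitext in the message, which goes beyond escaping; if `deletedwhileediting` is not expected to carry markup, `->escaped()` would be the narrower choice, but which is intended cannot be told from the hunk. The enclosing method starts and ends outside the hunk.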
diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index a0d09b41e3..af9edaf7f5 100644
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -256,7 +256,7 @@ class ProtectionForm {
$out->addBacklinkSubtitle( $this->mTitle );
if ( is_array( $err ) ) {
- $out->addHTML( Html::errorBox( $out->msg( ...$err )->plain() ) );
+ $out->addHTML( Html::errorBox( $out->msg( ...$err )->parse() ) );
} elseif ( is_string( $err ) ) {
$out->addHTML( Html::errorBox( $err ) );
}
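Review bot: The `is_string( $err )` branch on the line after the changed one still passes `$err` straight into `Html::errorBox()` and then `addHTML()` without parsing or escaping, so this fix covers only the array form; whether string errors are already HTML depends on callers outside this hunk. If they are expected to be pre-rendered HTML, a comment such as `// string $err is pre-rendered HTML; the array form is a message key plus params and is parsed above` would record that contract, and if they may be plain text, `$out->addHTML( Html::errorBox( htmlspecialchars( $err ) ) );` closes the same gap. The enclosing method starts and ends outside the hunk.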
--
2.31.1.windows.1
