F34598374
T289063.patch
Urbanecm_WMF (Martin Urbanec / Urbanecm)
Authored By: Urbanecm_WMF, Aug 17 2021, 3:11 PM (UTC+0)
Size: 1 KB
From 9f0822192576c417b49f46ebffbe0cbc1a3f2169 Mon Sep 17 00:00:00 2001
From: Martin Urbanec <martin.urbanec@wikimedia.cz>
Date: Tue, 17 Aug 2021 17:04:47 +0200
Subject: [PATCH] SECURITY: Fix XSS vulnerability in mentor dashboard
Html::rawElement cannot be used together with the "text"
mode of messages API; that results in unsafe HTML.
Bug: T289063
Change-Id: I2bd8e98e3b31dce0d2b49707e6e38bd342949314
---
includes/MentorDashboard/Modules/MenteeOverview.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/MentorDashboard/Modules/MenteeOverview.php b/includes/MentorDashboard/Modules/MenteeOverview.php
index 0f8e14aa..60f15b5f 100644
--- a/includes/MentorDashboard/Modules/MenteeOverview.php
+++ b/includes/MentorDashboard/Modules/MenteeOverview.php
@@ -30,7 +30,7 @@ class MenteeOverview extends BaseModule {
* @inheritDoc
*/
protected function getBody() {
- return Html::rawElement(
+ return Html::element(
'div',
[
'class' => 'growthexperiments-mentor-dashboard-module-mentee-overview-content'
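Review bot: the content argument that Html::element now escapes sits outside this hunk, so the reviewer cannot see from these lines alone that it is a plain-text message (the commit message says "text" mode); please confirm in the full file that the third argument is not produced with parse() or escaped(), since switching to Html::element on already-escaped output would double-escape it, while any leftover raw-HTML fragment would be rendered as literal markup. A short comment above the return stating why Html::element is used instead of Html::rawElement would stop a future change from reintroducing the raw variant, and a PHPUnit test that renders getBody() with a message containing markup characters and asserts they appear escaped would make the fix regression-proof.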
--
2.20.1
Attached To: T289063: Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part) (CVE-2021-42047)