Authored By
Urbanecm_WMF
Aug 17 2021, 4:53 PM

T289063.patch

From aa9c71e9db6748877e6302baae6949af0fea723c Mon Sep 17 00:00:00 2001
From: Martin Urbanec <martin.urbanec@wikimedia.cz>
Date: Tue, 17 Aug 2021 17:04:47 +0200
Subject: [PATCH] SECURITY: Fix XSS vulnerabilities in mentor dashboard
Html::rawElement cannot be used together with the "text"
mode of messages API; that results in unsafe HTML.
This fixes an XSS exploitable by admins by editing the following
interface messages:
* growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback
* growthexperiments-mentor-dashboard-mentee-overview-intro
* growthexperiments-mentor-dashboard-resources-intro
Bug: T289063
Change-Id: I2bd8e98e3b31dce0d2b49707e6e38bd342949314
---
includes/MentorDashboard/Modules/MenteeOverview.php | 4 ++--
includes/MentorDashboard/Modules/Resources.php | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/includes/MentorDashboard/Modules/MenteeOverview.php b/includes/MentorDashboard/Modules/MenteeOverview.php
index 0f8e14aa..651079b4 100644
--- a/includes/MentorDashboard/Modules/MenteeOverview.php
+++ b/includes/MentorDashboard/Modules/MenteeOverview.php
@@ -16,7 +16,7 @@ class MenteeOverview extends BaseModule {
* @inheritDoc
*/
protected function getSubheader() {
- return $this->msg( 'growthexperiments-mentor-dashboard-mentee-overview-intro' )->text();
+ return $this->msg( 'growthexperiments-mentor-dashboard-mentee-overview-intro' )->escaped();
}
/**
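Review bot: The docblock above getSubheader is only `@inheritDoc`, so nothing at this call site records that the caller treats the return value as raw HTML, which is exactly the assumption the `->text()` to `->escaped()` change depends on; the same applies to Resources::getSubheader in the next file's hunk. I would add a one-line comment above the return in both places, `// The caller inserts this as raw HTML, so the message must be escaped here`, so a later edit does not reintroduce `->text()`. If BaseModule's docblock (outside this patch) does not already state `@return string HTML`, that is where the contract belongs. Whether `->parse()` would be preferable, keeping any wikitext formatting in the message while still yielding safe HTML, depends on the message content, which is not visible here.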
@@ -30,7 +30,7 @@ class MenteeOverview extends BaseModule {
* @inheritDoc
*/
protected function getBody() {
- return Html::rawElement(
+ return Html::element(
'div',
[
'class' => 'growthexperiments-mentor-dashboard-module-mentee-overview-content'
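Review bot: With Html::element the content argument is now HTML-escaped by Html itself, so that argument must be plain text (`->text()`) rather than already-escaped output, or it will be double-escaped; the content lines are outside the hunk, so I cannot confirm which form is passed. The commit message lists growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback among the fixed messages, which is presumably that content. A short comment on the changed line would prevent a future switch back, e.g. `// Html::element escapes its content; rawElement is only safe when the content is already HTML`. getBody continues past the end of the hunk.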
diff --git a/includes/MentorDashboard/Modules/Resources.php b/includes/MentorDashboard/Modules/Resources.php
index db3a9e43..0643bebe 100644
--- a/includes/MentorDashboard/Modules/Resources.php
+++ b/includes/MentorDashboard/Modules/Resources.php
@@ -51,7 +51,7 @@ class Resources extends BaseModule {
* @inheritDoc
*/
protected function getSubheader() {
- return $this->msg( 'growthexperiments-mentor-dashboard-resources-intro' )->text();
+ return $this->msg( 'growthexperiments-mentor-dashboard-resources-intro' )->escaped();
}
/**
--
2.20.1
