F34678010
0001-SECURITY-Escape-date-values.patch
Zabe
Authored By
Zabe
Oct 7 2021, 9:38 PM
2021-10-07 21:38:39 (UTC+0)
Size
1 KB
From 1ca9645133502c5317aed3998b27cd9aeae91eda Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <alexander.vorwerk@stud.uni-goettingen.de>
Date: Thu, 7 Oct 2021 23:23:48 +0200
Subject: [PATCH] SECURITY: Escape date values
Bug: T292795
Change-Id: If7cd112e627f47f9aca69b380dde1634bf55f789
---
src/LogPager.php | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/LogPager.php b/src/LogPager.php
index 72495c9..d6d3941 100644
--- a/src/LogPager.php
+++ b/src/LogPager.php
@@ -47,9 +47,15 @@ class LogPager extends ReverseChronologicalPager {
'checkuser-log-entry-' . $row->cul_type,
$user,
$target,
- $lang->userTimeAndDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser ),
- $lang->userDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser ),
- $lang->userTime( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+ htmlspecialchars(
+ $lang->userTimeAndDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+ ),
+ htmlspecialchars(
+ $lang->userDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+ ),
+ htmlspecialchars(
+ $lang->userTime( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+ )
)->text();
$rowContent .= Linker::commentBlock( $row->cul_reason );
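Review bot: The message is still rendered with ->text() on the line after the new htmlspecialchars() calls, so the row is only safe if every parameter is HTML-safe on its own, and this hunk wraps just the three date parameters while $user and $target pass through unchanged. Please confirm in the commit message or a code comment that both are already escaped where they are built (outside these lines), and add a one-line comment above the htmlspecialchars() calls saying why the output of userTimeAndDate(), userDate() and userTime() needs escaping, since that is not obvious to a later reader. As a style point, wfTimestamp( TS_MW, $row->cul_timestamp ) is now repeated three times inside nested calls; computing it once in a local variable before the message call would shorten these lines.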
--
2.17.1
File Metadata
Mime Type: text/x-diff
Attached To:
T292795: XSS vulnerability in Special:CheckUserLog (CVE-2021-46150)