F34961754
0001-SECURITY-Also-allow-numbers.patch
Lucas_Werkmeister_WMDE (Lucas Werkmeister (WMDE))
Authored By
Lucas_Werkmeister_WMDE
Feb 22 2022, 9:47 AM
2022-02-22 09:47:27 (UTC+0)
Size
936 B
From 13acf10eb1cbff480c731bd3d22f249d250885f2 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <lucas.werkmeister@wikimedia.de>
Date: Tue, 22 Feb 2022 10:45:24 +0100
Subject: [PATCH] SECURITY: Also allow numbers
Bug: T302192
---
includes/JCTabularContentView.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/JCTabularContentView.php b/includes/JCTabularContentView.php
index 87bb231..93b8af0 100644
--- a/includes/JCTabularContentView.php
+++ b/includes/JCTabularContentView.php
@@ -133,7 +133,9 @@ public function valueToHtml(
$header['class'] = 'mw-tabular-value-null';
$column = '';
} else {
- $column = is_string( $column ) ? htmlspecialchars( $column ) : '';
+ $column = is_string( $column ) || is_numeric( $column )
+ ? htmlspecialchars( (string)$column )
+ : '';
}
$vals[] = Html::rawElement( 'td', $header, $column );
}
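Review bot: In the new ternary in valueToHtml(), `is_numeric( $column )` also matches numeric strings, which `is_string( $column )` already covers, so the intent (integer and float cells) would read more precisely as `is_int( $column ) || is_float( $column )`, and the whole condition deserves parentheses before the `?` so the precedence of `||` over `?:` is not left implicit on a security-relevant line. Since the result goes straight into `Html::rawElement( 'td', $header, $column )`, this expression is the only escaping the cell value gets; a short comment saying so would help keep a later edit from dropping the `htmlspecialchars()` call. The diffstat shows only this one file changed, so a regression test covering string, numeric and other-typed cell values is worth adding alongside the fix.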
--
2.32.0
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9351809
Default Alt Text
0001-SECURITY-Also-allow-numbers.patch (936 B)
Attached To
Mode
T302192: Data fields in Commons tabular datasets allow running arbitrary JS (CVE-2022-28210)
Attached