Page MenuHomePhabricator
Files F34961754

0001-SECURITY-Also-allow-numbers.patch
Lucas_Werkmeister_WMDE (Lucas Werkmeister (WMDE))
Actions

Authored By
Lucas_Werkmeister_WMDE
Feb 22 2022, 9:47 AM
Size
936 B
Referenced Files
None
Subscribers
None

0001-SECURITY-Also-allow-numbers.patch
View Options

From 13acf10eb1cbff480c731bd3d22f249d250885f2 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <lucas.werkmeister@wikimedia.de>
Date: Tue, 22 Feb 2022 10:45:24 +0100
Subject: [PATCH] SECURITY: Also allow numbers
Bug: T302192
---
includes/JCTabularContentView.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/JCTabularContentView.php b/includes/JCTabularContentView.php
index 87bb231..93b8af0 100644
--- a/includes/JCTabularContentView.php
+++ b/includes/JCTabularContentView.php
@@ -133,7 +133,9 @@ public function valueToHtml(
$header['class'] = 'mw-tabular-value-null';
$column = '';
} else {
- $column = is_string( $column ) ? htmlspecialchars( $column ) : '';
+ $column = is_string( $column ) || is_numeric( $column )
+ ? htmlspecialchars( (string)$column )
+ : '';
}
$vals[] = Html::rawElement( 'td', $header, $column );
}
--
2.32.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9351809
Default Alt Text
0001-SECURITY-Also-allow-numbers.patch (936 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL