F36934360
T333569.patch
Dreamy_Jazz (WBrown (WMF))
Authored By
Dreamy_Jazz
Mar 30 2023, 2:54 PM
2023-03-30 14:54:38 (UTC+0)
Size
1 KB
From 85f91e7f5265ed6fd0c617f28240461219a97ca3 Mon Sep 17 00:00:00 2001
From: Dreamy Jazz <dreamyjazzwikipedia@gmail.com>
Date: Thu, 30 Mar 2023 15:46:41 +0100
Subject: [PATCH] SECURITY: Escape user-agent in SpecialCheckUser get edits
mode
HTML escape the user agent before showing it in Special:CheckUser's
'get edits' mode. Currently allows for HTML injection.
Bug: T333569
Change-Id: I2afeeff67d6e16bf63f7f29d4c34805bfc62eac5
---
templates/GetEditsLine.mustache | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/GetEditsLine.mustache b/templates/GetEditsLine.mustache
index ebc6dc81..7da2514b 100644
--- a/templates/GetEditsLine.mustache
+++ b/templates/GetEditsLine.mustache
@@ -15,6 +15,6 @@
<div class="mw-checkuser-indented"><small>
<strong>IP</strong>: <span class="mw-checkuser-ip">{{{ipLink}}}</span>{{#xff}}  
<strong>XFF</strong>: <span class="mw-checkuser-xff{{#xffTrusted}} mw-checkuser-xff-trusted{{/xffTrusted}}">{{{ . }}}</span>{{/xff}}
-   <span class="mw-checkuser-agent">{{{userAgent}}}</span>
+   <span class="mw-checkuser-agent">{{userAgent}}</span>
</small></div>
</li>
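Review bot: the switch from `{{{userAgent}}}` to `{{userAgent}}` is the right fix, since Mustache's double-brace form HTML-escapes the value while the triple-brace form emits it raw; however, the same hunk still renders `{{{ . }}}` for the XFF value and `{{{ipLink}}}` unescaped, so please confirm in review that both are escaped (or built as safe HTML) before being passed to the template, or switch the XFF value to `{{ . }}` as well. Consider also adding a regression test that renders this template with a user agent containing `<` and `"` and asserts the output is escaped.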
--
2.25.1
T333569: CVE-2023-37255: Special:CheckUser 'get edits' is vulnerable to HTML injection through user agent string