F38217488
01-T347742.patch
sbassett (Scott Bassett)
Authored By
sbassett
Oct 12 2023, 8:58 PM
2023-10-12 20:58:47 (UTC+0)
Size
1002 B
From d390a393b0e389889d8aafd910b1b0629e187ca4 Mon Sep 17 00:00:00 2001
From: sbassett <sbassett@wikimedia.org>
Date: Thu, 12 Oct 2023 15:55:56 -0500
Subject: [PATCH] SECURITY: Properly escape massmessage-form-page-help by
specifying it as a help-message
Bug: T347742
---
includes/Specials/SpecialMassMessage.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/Specials/SpecialMassMessage.php b/includes/Specials/SpecialMassMessage.php
index a0c06dd..9d4274f 100644
--- a/includes/Specials/SpecialMassMessage.php
+++ b/includes/Specials/SpecialMassMessage.php
@@ -181,7 +181,7 @@ class SpecialMassMessage extends FormSpecialPage {
'tabindex' => $controlTabIndex++,
'label-message' => 'massmessage-form-page',
'default' => $request->getText( 'page-message' ),
- 'help' => $this->msg( 'massmessage-form-page-help' )->text(),
+ 'help-message' => $this->msg( 'massmessage-form-page-help' )->text(),
'required' => false
];
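Review bot: On the `+` line, `'help-message'` is still given `$this->msg( 'massmessage-form-page-help' )->text()`, which is the rendered message text rather than the message key. The `'label-message'` entry two lines above passes the bare key `'massmessage-form-page'`, and HTMLForm's `*-message` options expect a key (or Message object) that the form resolves and escapes itself, so here the rendered text would be treated as if it were a key. Suggest `'help-message' => 'massmessage-form-page-help',` so that resolution and escaping are left to the form, and confirm the help text still renders as intended on the special page before merging.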
--
2.39.3 (Apple Git-145)
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
11838982
Default Alt Text
01-T347742.patch (1002 B)
Attached To
Mode
T347742: CVE-2024-23176: MassMessage i18n key massmessage-form-page-help allows i18n-xss