0001-SECURITY-Escape-MediaWiki-Sidebar-before-rendering.patch

Authored By
Redmin
Aug 16 2024, 1:36 PM
Size
1007 B
Referenced Files
None
Subscribers
None

From d68fbf0ac6417a4b4354c8f967a5c56172333a01 Mon Sep 17 00:00:00 2001
From: Radman Siddiki <radman.siddiki@gmail.com>
Date: Fri, 16 Aug 2024 19:31:50 +0600
Subject: [PATCH] SECURITY: Escape MediaWiki:Sidebar before rendering
Bug: T370081
---
ApexTemplate.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ApexTemplate.php b/ApexTemplate.php
index de8e0c2..95a7405 100644
--- a/ApexTemplate.php
+++ b/ApexTemplate.php
@@ -227,7 +227,7 @@ class ApexTemplate extends BaseTemplate {
$msg = $name;
}
?>
-<div class="portal" id='<?php echo Sanitizer::escapeIdForAttribute( "p-$name" ) ?>'<?php echo Linker::tooltip( 'p-' . $name ) ?>>
+<div class="portal" id='<?php echo htmlspecialchars(Sanitizer::escapeIdForAttribute( "p-$name" ), ENT_QUOTES) ?>'<?php echo Linker::tooltip( 'p-' . $name ) ?>>
<h5<?php $this->html( 'userlangattributes' ) ?>><?php
$msgObj = wfMessage( $msg );
echo htmlspecialchars( $msgObj->exists() ? $msgObj->text() : $msg );
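Review bot: On the changed `<div class="portal" id='...'>` line the `id` attribute is delimited with single quotes, so the `ENT_QUOTES` flag is what actually makes this escaping effective there; without it, on PHP versions where `htmlspecialchars` does not escape single quotes by default, a `'` in the value would still close the attribute. Please either add a short comment saying the flag must stay, or switch the attribute to double quotes so the fix does not silently regress if someone later drops the flag. The same line still echoes `Linker::tooltip( 'p-' . $name )` with the same `$name` and is not touched by this change; the hunk does not show how that output is escaped, so it is worth confirming before this is merged as the complete fix for the task. Style: the new call is written `htmlspecialchars(Sanitizer::escapeIdForAttribute( "p-$name" ), ENT_QUOTES)`, while the surrounding lines put spaces inside the parentheses (`htmlspecialchars( $msgObj->exists() ? ...`); please match that.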
--
2.37.2.windows.2

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18758960
Default Alt Text
0001-SECURITY-Escape-MediaWiki-Sidebar-before-rendering.patch (1007 B)