Authored By
Tgr
Nov 12 2024, 8:54 PM

T379677.patch

From c76d5bed82bb7e567f14eba71e5bd7a48609058f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Tue, 12 Nov 2024 21:49:00 +0100
Subject: [PATCH] [SECURITY] Fix unescaped i18n message use in captcha label
Bug: T379677
Change-Id: Ib9079feead4bfe0f1fd2c832c6cabb6eb7149534
---
includes/FancyCaptcha/HTMLFancyCaptchaField.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git includes/FancyCaptcha/HTMLFancyCaptchaField.php includes/FancyCaptcha/HTMLFancyCaptchaField.php
index 72e461f8..12b0227e 100644
--- includes/FancyCaptcha/HTMLFancyCaptchaField.php
+++ includes/FancyCaptcha/HTMLFancyCaptchaField.php
@@ -89,8 +89,8 @@ class HTMLFancyCaptchaField extends HTMLFormField {
public function getLabel() {
// slight abuse of what getLabel() should mean; $mLabel is used for the pre-label text
// as the actual label is always the same
- return $this->mParent->msg( 'captcha-label' )->text() . ' '
- . $this->mParent->msg( 'fancycaptcha-captcha' )->text();
+ return $this->mParent->msg( 'captcha-label' )->escaped() . ' '
+ . $this->mParent->msg( 'fancycaptcha-captcha' )->escaped();
}
/** @inheritDoc */
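Review bot: Nothing in getLabel() records that its return value is emitted as HTML, which (judging by the commit subject) is the only reason `->escaped()` is needed on the two new return lines. A later edit could switch back to `->text()` or concatenate another message without noticing. I would extend the existing comment with a line such as `// The returned string is output as raw HTML, so every message used here must be ->escaped()`. Two follow-ups lie outside this hunk: check whether other label or help-text overrides in the extension still build their output from `->text()`, and add a regression test that renders the field with a message value containing markup and asserts the output is entity-encoded.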
--
2.34.1
