Page MenuHomePhabricator
Files F61293692

01-T394612.patch
sbassett (Scott Bassett)
Actions

Authored By
sbassett
Jun 2 2025, 9:47 PM
Size
2 KB
Referenced Files
None
Subscribers
None

01-T394612.patch
View Options

From d9c3124da49089fdd8f6f7951d3f0a2921bea628 Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper <thisisnotmyname275@gmail.com>
Date: Mon, 2 Jun 2025 16:29:52 -0500
Subject: [PATCH] SECURITY: Properly escape the quiz-ignore-coef system message
Bug: T394612
Change-Id: I22c16616b8c502342517475683575a0220451fb3
---
templates/Setting.mustache | 2 +-
tests/phpunit/QuizTest.php | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/templates/Setting.mustache b/templates/Setting.mustache
index 3c8cf54..b18106c 100644
--- a/templates/Setting.mustache
+++ b/templates/Setting.mustache
@@ -31,7 +31,7 @@
{{# isSettingOtherRow}}
<tr>
{{# notSimple}}
- <td><label for="ignoringCoef">{{{ wfMessage.quiz_ignoreCoef }}}</label></td>
+ <td><label for="ignoringCoef">{{ wfMessage.quiz_ignoreCoef }}</label></td>
<td><input type="checkbox" name="ignoringCoef" id="ignoringCoef" {{{ checked }}}/></td>
{{/ notSimple}}
{{# corrected}}
diff --git a/tests/phpunit/QuizTest.php b/tests/phpunit/QuizTest.php
index cea2d9b..57b52b3 100644
--- a/tests/phpunit/QuizTest.php
+++ b/tests/phpunit/QuizTest.php
@@ -84,7 +84,7 @@ class QuizTest extends QuizTestCase {
. "\n\t\t" . '<td><input class="numerical" type="number" ' .
'name="cutoffPoints" id="cutoffPoints" value="-1"/></td>' . "\n\t" .
'</tr>' . "\n\t" . '<tr>' . "\n\t\t" . '<td><label for="ignoringCoef">'
- . 'Ignore the questions' . "'" . ' coefficients:</label></td>'
+ . 'Ignore the questions&#039; coefficients:</label></td>'
. "\n\t\t" . '<td><input type="checkbox" name="ignoringCoef" id="ignoringCoef" ' .
'checked="checked"/></td>' . "\n\t" .
'</tr>' . "\n\t" . '<tr>' . "\n\t\t\t\t\t"
@@ -107,8 +107,7 @@ class QuizTest extends QuizTestCase {
' value="0"/></td>' . "\n\t\t" . '<td class="margin incorrect"></td>' . "\n\t\t"
. '<td style="background: transparent;">Incorrect</td>' . "\n\t" . '</tr>'
. "\n\t" . '<tr>' . "\n\t\t" .
- '<td><label for="ignoringCoef">Ignore the questions'
- . "'" . ' coefficients:</label></td>'
+ '<td><label for="ignoringCoef">Ignore the questions&#039; coefficients:</label></td>'
. "\n\t\t" . '<td><input type="checkbox" name="ignoringCoef" id="ignoringCoef"' .
' checked="checked"/></td>' . "\n\t\t" .
'<td class="margin NA"></td>' . "\n\t\t" .
--
2.49.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
20600559
Default Alt Text
01-T394612.patch (2 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits