Authored By: SomeRandomDeveloper, 2025-10-03 19:25:07 (UTC+0)
T406380.patch
From 9347bafd6080a3e87a367b3476498e93fc54b538 Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper <thisisnotmyname275@gmail.com>
Date: Fri, 3 Oct 2025 21:24:19 +0200
Subject: [PATCH] SECURITY: Escape user input in SQL queries
This fixes two SQL injection vulnerabilities through
Special:ClearPendingReviews.
Bug: T406380
Change-Id: I6c0018713e0fe0a2ec3610508ea3581e2c8035e4
---
specials/SpecialClearPendingReviews.php | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/specials/SpecialClearPendingReviews.php b/specials/SpecialClearPendingReviews.php
index 1d07ad9..60ee10f 100644
--- a/specials/SpecialClearPendingReviews.php
+++ b/specials/SpecialClearPendingReviews.php
@@ -114,10 +114,11 @@ class SpecialClearPendingReviews extends SpecialPage {
$conditions = '';
if ( $category ) {
- $conditions .= "c.cl_to='$category' AND ";
+ $quotedCategory = $dbw->addQuotes( $category );
+ $conditions .= "c.cl_to=$quotedCategory AND ";
}
if ( $page ) {
- $conditions .= "w.wl_title LIKE '$page%' AND ";
+ $conditions .= 'w.wl_title ' . $dbw->buildLike( $page, $dbw->anyString() ) . ' AND ';
}
$tables = [ 'w' => 'watchlist', 'p' => 'page', 'c' => 'categorylinks' ];
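Review bot: the two replaced lines now delegate quoting to the DB layer, which closes the injection, but `$conditions` is still a hand-concatenated WHERE fragment with a trailing `' AND '` that the rest of the method has to trim; consider collecting the conditions in an array instead, e.g. `$conds[] = 'c.cl_to=' . $dbw->addQuotes( $category );` and `$conds[] = 'w.wl_title ' . $dbw->buildLike( $page, $dbw->anyString() );`, and passing that array to the select call so the abstraction layer joins the terms and no manual string assembly remains. It is also worth a short comment on the `buildLike()` line noting that, unlike the old `'$page%'` interpolation, `buildLike()` escapes LIKE metacharacters in `$page`, so a value containing `%` or `_` is now matched literally rather than as a wildcard; that is the intended behaviour, but it is a visible change for callers.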
--
2.51.0
Attached To: T406380: CVE-2025-62658: SQL injection in WatchAnalytics through Special:ClearPendingReviews