Page MenuHomePhabricator
Files F70962479

T409737-REL1_44.patch
SomeRandomDeveloper
Actions

Authored By
SomeRandomDeveloper
Dec 9 2025, 2:54 PM
Size
920 B
Referenced Files
None
Subscribers
None

T409737-REL1_44.patch
View Options

From 11bbcdfe1e287ab2ed7cf2b49f36f249f09def37 Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper <thisisnotmyname275@gmail.com>
Date: Mon, 10 Nov 2025 15:57:31 +0100
Subject: [PATCH] SECURITY: Escape system messages in autocomments
Bug: T409737
Change-Id: I8505700afda8096ef4e183280494232152767004
---
lib/includes/Formatters/AutoCommentFormatter.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/includes/Formatters/AutoCommentFormatter.php b/lib/includes/Formatters/AutoCommentFormatter.php
index 143ef881cf..da19d00ffa 100644
--- a/lib/includes/Formatters/AutoCommentFormatter.php
+++ b/lib/includes/Formatters/AutoCommentFormatter.php
@@ -106,7 +106,7 @@ class AutoCommentFormatter {
return wfEscapeWikiText( $arg );
}, $args );
// render the autocomment
- $auto = $msg->params( $args )->parse();
+ $auto = $msg->params( $args )->escaped();
return $auto;
}
--
2.52.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
22692374
Default Alt Text
T409737-REL1_44.patch (920 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits