Page MenuHomePhabricator
Files F72106447

01-T416090-REL1_43.patch
matmarex (Bartosz Dziewoński)
Actions

Authored By
matmarex
Feb 15 2026, 1:02 AM
Size
993 B
Referenced Files
None
Subscribers
None

01-T416090-REL1_43.patch
View Options

From 6ff8fa9d8f9f5c12857353eb61f1cd39ce70400b Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Bartosz=20Dziewo=C5=84ski?= <dziewonski@fastmail.fm>
Date: Sun, 15 Feb 2026 01:47:56 +0100
Subject: [PATCH] SECURITY: Validate link target for protection indicators help
page
Bug: T416090
Change-Id: I5fa630ca3d00e3bc98b732320ab9ffc8ff95491c
---
includes/page/Article.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/page/Article.php b/includes/page/Article.php
index a873541e2e8..8313b5e0c10 100644
--- a/includes/page/Article.php
+++ b/includes/page/Article.php
@@ -656,7 +656,7 @@ class Article implements Page {
if ( $protectionHelpLink->isDisabled() ) {
$protectionHelpLink = 'https://mediawiki.org/wiki/Special:MyLanguage/Help:Protection';
} else {
- $protectionHelpLink = $protectionHelpLink->text();
+ $protectionHelpLink = Skin::makeInternalOrExternalUrl( $protectionHelpLink->text() );
}
$outputPage->setIndicators( [
--
2.45.1.windows.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
23184193
Default Alt Text
01-T416090-REL1_43.patch (993 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits