Page MenuHomePhabricator
Create Task
Maniphest T13302

API fm modules don't escape < and >
Closed, ResolvedPublic
Actions

Description

Author: cbm.wikipedia

Description:
The links in the auto-generated API documentation no longer work - they have html entity names instead of ampersands. The same bug affects the automatic documentation for query.php.

I think that the "txt" output format of query.php also changed, so that now instead of => the greater than sign is replaced with the HTML escape. I realize that query.php is deprecated, however.

Version: 1.11.x
Severity: normal
URL: http://en.wikipedia.org/w/api.php

Details

Reference
bz11302

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:57 PM
bzimport added a project: MediaWiki-Action-API.
bzimport set Reference to bz11302.
bzimport created this task.Sep 11 2007, 11:36 PM
Catrope added a comment.Sep 12 2007, 2:30 PM

API has this too, I noticed. I think this Brion's fix to bug 11158 in r25742 caused this, so I'm assigning this to him.

Catrope added a comment.Sep 12 2007, 2:59 PM

AmiDaniel did something about this in r25802: the links work now, but the < and > aren't escaped anymore, rendering all XML tags invisible.

brion added a comment.Sep 13 2007, 3:27 PM
  • This bug has been marked as a duplicate of bug 11296 ***
brion added a comment.Sep 13 2007, 7:11 PM

r25802 is a huge security hole which made the problem even worse. I've reverted it.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL