Page MenuHomePhabricator
Create Task
Maniphest T152831

SmiteSpam has lots of HTML messages
Closed, ResolvedPublic
Actions

Description

I quickly reviewed SpecialSmiteSpamTrustedUsers.php and a ton of messages are raw HTML into the form. They should be escaped.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Escape raw HTML messages in SmiteSpam SpecialPagesmediawiki/extensions/SmiteSpammaster+14 -14
Customize query in gerrit

Related Objects
Search...

Event Timeline

Legoktm created this task.Dec 10 2016, 5:13 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 10 2016, 5:13 AM
gerritbot subscribed.Dec 10 2016, 5:37 AM

Change 326243 had a related patch set uploaded (by MtDu):
Escape raw HTML messages in SmiteSpam SpecialPages

https://gerrit.wikimedia.org/r/326243

gerritbot added a project: Patch-For-Review.Dec 10 2016, 5:37 AM
gerritbot added a comment.Dec 11 2016, 8:18 AM

Change 326243 merged by jenkins-bot:
Escape raw HTML messages in SmiteSpam SpecialPages

https://gerrit.wikimedia.org/r/326243

polybuildr added subscribers: Filip, polybuildr.Dec 11 2016, 9:14 AM

@Legoktm, @Aklapper: Could you please resolve the conflict between this task and T152852? @FilipGCI says that the GCI task was claimed by them (https://gerrit.wikimedia.org/r/#/c/326282/). I haven't registered as a GCI mentor, so I don't know what's happening there.

Filip added a comment.EditedDec 11 2016, 9:19 AM

@polybuildr I don't know, maybe i should abandon it. Btw, i think there should'nt be "->escaped" becouse code will look like that "Hello%20World", and it should'nt be in Special Pages

polybuildr added a comment.Dec 11 2016, 9:23 AM

@FilipGCI, I don't think that's what happens. The %20 kind of escaping is for use in URLs (such as php's urlencode), but this is escaping for HTML (< gets converted to &lt; and other things like that). Take a look at https://www.mediawiki.org/wiki/Manual:Messages_API#Output_modes_and_escaping.

Filip added a comment.Dec 11 2016, 9:53 AM

Ok, i abadoned it.

Nemo_bis triaged this task as Medium priority.Dec 11 2016, 4:06 PM
Nemo_bis added a parent task: T85864: Special pages, actions and views whose messages don't escape text.
Mvolz closed this task as Resolved.Dec 12 2016, 7:41 AM
Mvolz assigned this task to MtDu.
Mvolz merged a task: T152852: SmiteSpam - Replace "wfMessage(" with "$this->msg" in SpecialPages.
Mvolz added subscribers: MtDu, Florian.
Aklapper added a comment.Dec 12 2016, 4:15 PM

[For the records; sorted out the GCI aspects of this task.]

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits