Page MenuHomePhabricator
Create Task
Maniphest T169124

QuestyCaptcha broken in 1.27 when using html tags in questions (please backport fix to 1.27?)
Closed, ResolvedPublic
Actions

Description

MW v1.27.3
ConfirmEdit REL1_27 branch

QuestyCaptcha is broken and outputs sanitized html even when using the examples given on Extension:QuestyCaptcha when using it to createaccount. It might be broken with edit captcha calls too. I did not verify this yet.

$arr = array (
	"A question?" => "An answer!",
	"What is this wiki's name?" => "$wgSitename",
	'Please write the magic secret, "passion", here:' => 'passion',
	'Type the code word, 567, here:' => '567',
	'Which animal? <img src="http://www.mysite.com/dog.jpg" alt="" title="" />' => 'dog',
);
foreach ( $arr as $key => $value ) {
	$wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
}

Will output the image tag as: Which animal? <img src="http://www.mysite.com/dog.jpg" alt="" title="" />

Instead of the picture added with the <img> tag. Is this related to the sanitizing of messages on Special page?

Details

SubjectRepoBranchLines +/-
Fixing unexcepted HTML escaping in QuestyCaptcha.mediawiki/extensions/ConfirmEditREL1_27+18 -1
Customize query in gerrit

Related Objects

Event Timeline

Hutchy68 created this task.Jun 28 2017, 6:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 28 2017, 6:34 PM
Hutchy68 added a comment.Jun 28 2017, 7:21 PM

Reference closed T147606: Fix unexcepted HTML escaping in QuestyCaptcha.

Hutchy68 added a comment.Jun 28 2017, 7:22 PM

Looks like this was fixed but not back ported int REL1_27. Switch my branch to REL1_28 on the extension fixed this issue.

Aklapper renamed this task from QuestyCaptcha broken when using html tags in questions to QuestyCaptcha broken in 1.27 when using html tags in questions (please backport fix to 1.27?).Jun 29 2017, 9:51 AM
Aklapper added a project: MW-1.27-release.
gerritbot subscribed.Jul 6 2017, 3:03 PM

Change 363616 had a related patch set uploaded (by Florianschmidtwelzow; owner: Ben.imbushuo):
[mediawiki/extensions/ConfirmEdit@REL1_27] Fixing unexcepted HTML escaping in QuestyCaptcha.

https://gerrit.wikimedia.org/r/363616

gerritbot added a project: Patch-For-Review.Jul 6 2017, 3:03 PM
Florian claimed this task.Jul 6 2017, 3:04 PM
Florian subscribed.

As REL1_27 is an LTS release, I cherry-picked the change to the release branch. Over to Release-Engineering MW-1.27-release :)

Umherirrender closed this task as Resolved.Oct 2 2017, 1:23 PM
Umherirrender triaged this task as Medium priority.
gerritbot added a comment.Oct 2 2017, 1:32 PM

Change 363616 merged by jenkins-bot:
[mediawiki/extensions/ConfirmEdit@REL1_27] Fixing unexcepted HTML escaping in QuestyCaptcha.

https://gerrit.wikimedia.org/r/363616

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL