Page MenuHomePhabricator

XSS: Incorrect patch for bug 28235
Closed, ResolvedPublic



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:25 PM
bzimport set Reference to bz28507.
bzimport added a subscriber: Unknown Object (MLST).

Thanks for that, another fix will be released in 1.16.4.

I had Roan Kattouw help me review and test the patch this time, so hopefully we've got it nailed down.

EN.WP.ST47 wrote:

No XSS when I click the link, so it works in 1.17-wmfwhatever. Closing fixed by Tim.