
Properly escape output
Closed, Resolved Public

Description

In several places in the code, values are passed on without being properly escaped by htmlspecialchars or similar.

Use this as a tracking bug for patchsets related to this problem.


Version: unspecified
Severity: normal

Details

Reference
bz40523

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 1:11 AM
bzimport set Reference to bz40523.
bzimport added a subscriber: Unknown Object (MLST).
jeblad created this task. Sep 26 2012, 10:03 AM

repo/includes/actions/EditEntityAction.php
https://gerrit.wikimedia.org/r/#/c/25242/

repo/includes/special/SpecialCreateEntity.php
https://gerrit.wikimedia.org/r/25244

repo/includes/special/SpecialItemByTitle.php
https://gerrit.wikimedia.org/r/25246

repo/includes/special/SpecialItemDisambiguation.php
https://gerrit.wikimedia.org/r/#/c/25180/

Verified in Wikidata demo time for sprint 17