Page MenuHomePhabricator

OAuth MediaWiki extension's app grant management form's "Allowed on wiki" input needs stricter input validation
Closed, ResolvedPublic

Description

If I go to [[testwiki:Special:MWOAuthManageMyGrants/manage/72]] and enter "mediawiki" for the "Allowed on wiki" text input and press the "update grants" button, the form will accept the input.

If I return to [[testwiki:Special:MWOAuthManageMyGrants/proposed]], I see:


Allowed on wiki: media.wikipedia.org

Eep!

This is related to bug 55714 and 55703.


Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=55714
https://bugzilla.wikimedia.org/show_bug.cgi?id=55703

Details

Reference
bz55720

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:35 AM
bzimport set Reference to bz55720.
bzimport added a subscriber: Unknown Object (MLST).

If I enter "<b>wiki" for the "Allowed on wiki" field, the form successfully saves/submits, but then I get "Allowed on wiki: <b>.wikipedia.org" at [[testwiki:Special:MWOAuthManageMyGrants/proposed]].

This was already fixed in master

(In reply to comment #2)

This was already fixed in master

https://gerrit.wikimedia.org/r/89236

Thank you for fixing this. Please provide a reference when closing out bugs like this.