From dd852675aaaebef04e219a0a6c2d46d31e19cee6 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Sat, 14 May 2005 05:41:22 +0000 Subject: [PATCH] fixed style and minor XSS vulnerabilities --- includes/SpecialGroups.php | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/includes/SpecialGroups.php b/includes/SpecialGroups.php index 1941268e79..c6b2a37f10 100644 --- a/includes/SpecialGroups.php +++ b/includes/SpecialGroups.php @@ -1,7 +1,6 @@ mPosted = $request->wasPosted(); - $this->mRequest = $request; + $this->mRequest =& $request; $this->mName = 'groups'; $this->mNewName = trim( $request->getText('editgroup-name') ); @@ -62,8 +61,8 @@ class GroupsForm extends HTMLForm { } /** - * Manage forms to be shown according to posted datas. - * Depending on the submit button used : Call a form or a saving function. + * Manage forms to be shown according to posted data + * Depending on the submit button used, call a form or a saving function. */ function execute() { global $wgOut; @@ -97,7 +96,6 @@ class GroupsForm extends HTMLForm { /** * Save a group - * @todo FIXME : Log is incorrect. */ function saveGroup() { global $wgOut; @@ -119,7 +117,7 @@ class GroupsForm extends HTMLForm { } // Create a new group - $g = new group(); + $g = new Group(); $g->addToDatabase(); } else { $add = false; @@ -196,16 +194,16 @@ class GroupsForm extends HTMLForm { $g = Group::newFromID($groupID); $fieldname = 'editgroup'; } else { - // default datas when we add a group - $g = new group(); + // default data when we add a group + $g = new Group(); $fieldname = 'addgroup'; } - $gName = $g->getName(); - $gDescription = $g->getDescription(); + $gName = htmlspecialchars( $g->getName() ); + $gDescription = htmlspecialchars( $g->getDescription() ); - $wgOut->addHTML( "
action\" method=\"post\">\n". + $wgOut->addHTML( "action}\" method=\"post\">\n". '\n" ); $wgOut->addHTML( $this->fieldset( $fieldname, -- 2.20.1