From: Platonides Date: Mon, 26 Jul 2010 17:41:14 +0000 (+0000) Subject: Close the web page when it is disabled. X-Git-Tag: 1.31.0-rc.0~35909 X-Git-Url: http://git.cyclocoop.org/%22%20.%20%20%20%24self2%20.%20%20%20%22&var_mode_affiche=boucle?a=commitdiff_plain;h=f3a89bb4d0048756e9f7fb5765cf0d5c39db2943;p=lhc%2Fweb%2Fwiklou.git Close the web page when it is disabled. Fix XSS in filter parameter. Normal setups (with $wgEnableProfileInfo = false) are not affected. --- diff --git a/profileinfo.php b/profileinfo.php index cd324f9e7a..9ef91a4411 100644 --- a/profileinfo.php +++ b/profileinfo.php @@ -65,7 +65,8 @@ require_once( './includes/WebStart.php' ); Disabled

\n"; + echo ""; exit( 1 ); } @@ -251,8 +252,8 @@ function makeurl( $_filter = false, $_sort = false, $_expand = false ) { if ( $_expand === false ) $_expand = $expand; - $nfilter = $_filter ? $_filter : $filter; - $nsort = $_sort ? $_sort : $sort; + $nfilter = $_filter ? htmlspecialchars( $_filter ) : htmlspecialchars( $filter ); + $nsort = $_sort ? htmlspecialchars( $_sort ) : htmlspecialchars( $sort ); $exp = urlencode( implode( ',', array_keys( $_expand ) ) ); return "?filter=$nfilter&sort=$nsort&expand=$exp"; }