(parent:
fcd353a
)
Prevent XSS / arbitrary HTML injection via unescaped "rs" parameter. Proof-of-Concept...
author
Nick Jenkins
<nickj@users.mediawiki.org>
Tue, 9 Jan 2007 06:36:39 +0000
(06:36 +0000)
committer
Nick Jenkins
<nickj@users.mediawiki.org>
Tue, 9 Jan 2007 06:36:39 +0000
(06:36 +0000)
includes/AjaxDispatcher.php
diff --git
a/includes/AjaxDispatcher.php
b/includes/AjaxDispatcher.php
index
d19035e
..
a64f56d
100644
(file)
--- a/
includes/AjaxDispatcher.php
+++ b/
includes/AjaxDispatcher.php
@@
-55,7
+55,7
@@
class AjaxDispatcher {
if (! in_array( $this->func_name, $wgAjaxExportList ) ) {
header( 'Status: 400 Bad Request', true, 400 );
-
echo "unknown function {$this->func_name}"
;
+
print "unknown function " . htmlspecialchars( $this->func_name )
;
} else {
try {
$result = call_user_func_array($this->func_name, $this->args);