(parent:
6e18e5c
)
SECURITY: escape sortKey in pageInfo
author
csteipp
<csteipp@wikimedia.org>
Sat, 29 Mar 2014 05:39:57 +0000
(22:39 -0700)
committer
mglaser
<glaser@hallowelt.biz>
Thu, 24 Apr 2014 19:52:22 +0000
(21:52 +0200)
DEFAULTSORT isn't escaped before being added to the action=info table.
Bug: 63251
Change-Id: I087bfde8cbc69c3507f68ee3cb6e22aba0ffa7db
includes/actions/InfoAction.php
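--- a/includes/actions/InfoAction.php
+++ b/includes/actions/InfoAction.php
@@ -262,6 +262,7 @@ class InfoAction extends FormlessAction {
 $sortKey = $pageProperties['defaultsort'];
 }
+$sortKey = htmlspecialchars( $sortKey );
 $pageInfo['header-basic'][] = array( $this->msg( 'pageinfo-default-sort' ), $sortKey );
 // Page length (in bytes)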
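Review bot: The added line overwrites `$sortKey` with its HTML-escaped form, so from there on the variable no longer holds the raw sort key, and nothing in the hunk records why the escape is needed. I would either add a comment above it, e.g. `// Rows in $pageInfo appear to be output as raw HTML; DEFAULTSORT is set from page content`, or leave the variable raw and escape at the point of use: `array( $this->msg( 'pageinfo-default-sort' ), htmlspecialchars( $sortKey ) )`. The other rows appended to `$pageInfo['header-basic']` are outside this hunk; if they reach the same table output, any value derived from page properties there deserves the same check. The enclosing method starts and ends outside the hunk.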