SECURITY: UserGroupMembership: Fix HTML escaping in #getLink
[lhc/web/wiklou.git] / includes / user / UserGroupMembership.php
index e757e59..908ab86 100644 (file)
@@ -237,11 +237,14 @@ class UserGroupMembership {
 
        /**
         * Purge expired memberships from the user_groups table
+        *
+        * @return int|bool false if purging wasn't attempted (e.g. because of
+        *  readonly), the number of rows purged (might be 0) otherwise
         */
        public static function purgeExpired() {
                $services = MediaWikiServices::getInstance();
                if ( $services->getReadOnlyMode()->isReadOnly() ) {
-                       return;
+                       return false;
                }
 
                $lbFactory = $services->getDBLoadBalancerFactory();
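Review bot: The new `@return int|bool` on purgeExpired() is wider than what the code returns, and its description names only the read-only case, although the lock-contention early return in the following hunk also yields `false`. I would document it as `@return int|false false if purging was not attempted (read-only mode, or another purge already holds the lock), otherwise the number of rows purged (may be 0)`. Because `0` and `false` are both falsy, the docblock should also say that callers need `=== false` to tell "not attempted" from "nothing to purge". The function body continues outside this hunk.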
@@ -251,10 +254,11 @@ class UserGroupMembership {
                $lockKey = $dbw->getDomainID() . ':usergroups-prune'; // specific to this wiki
                $scopedLock = $dbw->getScopedLockAndFlush( $lockKey, __METHOD__, 0 );
                if ( !$scopedLock ) {
-                       return; // already running
+                       return false; // already running
                }
 
                $now = time();
+               $purgedRows = 0;
                do {
                        $dbw->startAtomic( __METHOD__ );
 
@@ -284,12 +288,15 @@ class UserGroupMembership {
                                );
                                // Push the groups to user_former_groups
                                $dbw->insert( 'user_former_groups', $insertData, __METHOD__, [ 'IGNORE' ] );
+                               // Count how many rows were purged
+                               $purgedRows += $res->numRows();
                        }
 
                        $dbw->endAtomic( __METHOD__ );
 
                        $lbFactory->commitAndWaitForReplication( __METHOD__, $ticket );
                } while ( $res->numRows() > 0 );
+               return $purgedRows;
        }
 
        /**
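Review bot: `$purgedRows += $res->numRows();` counts the rows in the result set `$res`, not the rows a delete actually removed, so the value documented as "rows purged" is only an upper bound if the delete can match fewer rows than were selected. The delete statement is outside this hunk, so this is inferred; if it runs on `$dbw` inside the same `if` block, reading `$dbw->affectedRows()` directly after it would make the count exact. If the approximation is intended, a comment such as `// Counts selected rows; the delete may remove fewer` would say so.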
@@ -389,15 +396,19 @@ class UserGroupMembership {
 
                // link to the group description page, if it exists
                $linkTitle = self::getGroupPage( $group );
-               if ( $linkTitle ) {
-                       if ( $format === 'wiki' ) {
+               if ( $format === 'wiki' ) {
+                       if ( $linkTitle ) {
                                $linkPage = $linkTitle->getFullText();
                                $groupLink = "[[$linkPage|$groupName]]";
                        } else {
-                               $groupLink = Linker::link( $linkTitle, htmlspecialchars( $groupName ) );
+                               $groupLink = $groupName;
                        }
                } else {
-                       $groupLink = htmlspecialchars( $groupName );
+                       if ( $linkTitle ) {
+                               $groupLink = Linker::link( $linkTitle, htmlspecialchars( $groupName ) );
+                       } else {
+                               $groupLink = htmlspecialchars( $groupName );
+                       }
                }
 
                if ( $expiry ) {
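Review bot: The reordered branches in getLink() now carry two different escaping contracts and nothing in the code states them: the `'wiki'` branch leaves `$groupName` raw because the result is wikitext, while every other `$format` value falls into the HTML branch and must come out escaped. A comment above the `if`, for example `// 'wiki' returns wikitext for the parser and must never be output as HTML; any other format returns escaped HTML`, would keep a later edit from dropping `htmlspecialchars()` on the no-link path again or from printing the wikitext result directly. The same contract governs the `->text()` / `->escaped()` split in the next hunk. The method's signature and docblock are outside this hunk, so I cannot tell whether `@param $format` already spells this out.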
@@ -407,14 +418,18 @@ class UserGroupMembership {
                        $expiryDT = $uiLanguage->userTimeAndDate( $expiry, $uiUser );
                        $expiryD = $uiLanguage->userDate( $expiry, $uiUser );
                        $expiryT = $uiLanguage->userTime( $expiry, $uiUser );
-                       if ( $format === 'html' ) {
+
+                       if ( $format === 'wiki' ) {
+                               return $context->msg( 'group-membership-link-with-expiry' )
+                                       ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->text();
+                       } else {
                                $groupLink = Message::rawParam( $groupLink );
+                               return $context->msg( 'group-membership-link-with-expiry' )
+                                       ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->escaped();
                        }
-                       return $context->msg( 'group-membership-link-with-expiry' )
-                               ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->text();
-               } else {
-                       return $groupLink;
                }
+
+               return $groupLink;
        }
 
        /**
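Review bot: The two branches under `if ( $expiry )` repeat the same `msg()->params()` chain and differ only in the raw-param wrapping and the final output method, so a later change to the parameter list has to be made twice, and the HTML branch is the one where a missed edit matters. Building the message once with `$msg = $context->msg( 'group-membership-link-with-expiry' );` and then returning `$msg->params( $groupLink, $expiryDT, $expiryD, $expiryT )->text()` for `'wiki'`, or `$msg->params( Message::rawParam( $groupLink ), $expiryDT, $expiryD, $expiryT )->escaped()` otherwise, keeps the escaping decision in one visible place and removes the `else` after `return`. The start of getLink() is outside this hunk.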