From: Amir Sarabadani <Ladsgroup@gmail.com>
Date: Sat, 7 Dec 2019 22:36:42 +0000 (+0100)
Subject: SECURITY: Do not allow user scripts on Special:PasswordReset
X-Git-Tag: 1.34.0~7
X-Git-Url: http://git.cyclocoop.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=0a6ce0bf88ae29718baacbebd1e2aefaf11a17b1

SECURITY: Do not allow user scripts on Special:PasswordReset

Bug: T192134
Change-Id: If5e91452f2e569476626bcf650ba4efaa122952c
---

diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php
index c1d30ee58c..63490e4925 100644
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -74,6 +74,15 @@ class SpecialPasswordReset extends FormSpecialPage {
 		parent::checkExecutePermissions( $user );
 	}
 
+	/**
+	 * @param string $par
+	 */
+	public function execute( $par ) {
+		$out = $this->getOutput();
+		$out->disallowUserJs();
+		parent::execute( $par );
+	}
+
 	protected function getFormFields() {
 		$resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
 		$a = [];