From: Amir Sarabadani
Date: Sat, 7 Dec 2019 22:36:42 +0000 (+0100)
Subject: SECURITY: Do not allow user scripts on Special:PasswordReset
X-Git-Tag: 1.31.6~6
X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/Fool?a=commitdiff_plain;h=66c91ac85b26c042b3d07255d1d7954be507699b;p=lhc%2Fweb%2Fwiklou.git
SECURITY: Do not allow user scripts on Special:PasswordReset
Bug: T192134
Change-Id: If5e91452f2e569476626bcf650ba4efaa122952c
---
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php
index 84292f3ed9..51fcae7939 100644
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -74,6 +74,15 @@ class SpecialPasswordReset extends FormSpecialPage {
 parent::checkExecutePermissions( $user );
 }
 
+ /**
+ * @param string $par
+ */
+ public function execute( $par ) {
+ $out = $this->getOutput();
+ $out->disallowUserJs();
+ parent::execute( $par );
+ }
+
 protected function getFormFields() {
 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
 $a = [];
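Review bot: The new `execute()` override never says why user scripts are switched off; its docblock holds only `@param string $par`, so the security purpose lives solely in the commit message and a later refactor could drop the call without noticing. I would add a why-comment above it, e.g. `// Security (T192134): this page handles account recovery, so never load user-controlled JS here.`, and state that `disallowUserJs()` must stay ahead of `parent::execute( $par )`, which presumably builds the form and queues its modules. If the parent signature accepts a missing subpage, the tag should read `@param string|null $par`. The patch as shown touches only this file, so a regression test asserting that the restriction is in effect after `execute()` would be worth adding; the rest of the class lies outside the hunk.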