commitdiff (parent: f4288f9)
Reverting r25082:
author    Brion Vibber <brion@users.mediawiki.org>  Thu, 13 Sep 2007 19:06:54 +0000 (19:06 +0000)
committer Brion Vibber <brion@users.mediawiki.org>  Thu, 13 Sep 2007 19:06:54 +0000 (19:06 +0000)
Do not restore security vulnerabilities to the codebase after a security release.
Especially don't MAKE THEM WORSE IN THE PROCESS.
includes/api/ApiFormatBase.php
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index dec6cd3..b69ebaf 100644 (file)
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -158,6 +158,8 @@
See <a href='http://www.mediawiki.org/wiki/API'>complete documentation</a>, or
* This method also replaces any '<' with <
*/
protected function formatHTML($text) {
+ // Escape everything first for full coverage
+ $text = htmlspecialchars($text);
// encode all comments or tags as safe blue strings
$text = preg_replace('/\<(!--.*?--|.*?)\>/', '<span style="color:blue;"><\1></span>', $text);
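Review bot: with `$text = htmlspecialchars($text);` now running first, the `preg_replace` on the line after it, as rendered here, searches for literal `<...>` sequences that no longer exist in `$text` (every `<` has already become `&lt;`), so the blue-span highlighting would never fire; confirm against the raw blob whether the pattern actually targets the entity forms `&lt;`/`&gt;`, since this page appears to have decoded entities in both the pattern and the doc comment above it (`replaces any '<' with <`). If it does, the ordering is the right one: escape the entire input before adding any markup, so that the only unescaped HTML in the output is what formatHTML itself emits afterwards. Either way, the doc comment should say explicitly that the input is escaped first, because dropping that line (what this revert undoes) is exactly what lets arbitrary tags in API output reach the browser, and the next reader should not have to infer it from a comment about colouring tags blue.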