From 393a8c84e8706e6edc5adc4657edbe28a175304a Mon Sep 17 00:00:00 2001
From: Sam Reed
Date: Thu, 19 Jan 2012 16:55:42 +0000
Subject: [PATCH] Add some escaping to r109547, 109548, 109549 Improve RELEASE-NOTES-1.19 also
---
 RELEASE-NOTES-1.19 | 4 ++--
 includes/ImageGallery.php | 2 +-
 includes/media/Generic.php | 11 ++++++-----
 includes/specials/SpecialMIMEsearch.php | 2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 740857fcf3..a12e656b84 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -227,8 +227,8 @@ production.
 * (bug 25800) mw.config wgAction should contain the actually performed action instead of whatever the query value contains.
 * (bug 4438) Add CSS hook for current WikiPage action.
-* (bug 33703) Common border-bottom color for should inherit default (text) color
-* (bug 33819) Display filesize on Special:NewFiles in appropriate unit.
+* (bug 33703) Common border-bottom color for should inherit default (text) color.
+* (bug 33819) Display file sizes in appropriate units.
 === API changes in 1.19 ===
 * Made action=edit less likely to return "unknownerror", by returning the actual error
diff --git a/includes/ImageGallery.php b/includes/ImageGallery.php
index 68a5a20cff..1106124acf 100644
--- a/includes/ImageGallery.php
+++ b/includes/ImageGallery.php
@@ -314,7 +314,7 @@ class ImageGallery {
 if( $this->mShowBytes ) {
 if( $img ) {
- $fileSize = $wgLang->formatSize( $img->getSize() );
+ $fileSize = htmlspecialchars( $wgLang->formatSize( $img->getSize() ) );
 } else {
 $fileSize = wfMsgHtml( 'filemissing' );
 }
diff --git a/includes/media/Generic.php b/includes/media/Generic.php
index d87c1cffaf..c241cbea2d 100644
--- a/includes/media/Generic.php
+++ b/includes/media/Generic.php
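Review bot: In includes/ImageGallery.php, `$fileSize` now holds HTML in both branches (the escaped size, or the output of `wfMsgHtml( 'filemissing' )`), but nothing at the assignment records that, and the code that emits the value is outside the hunk. A one-line comment above the `if( $img )` block, e.g. `// $fileSize is HTML from here on; do not escape it again when building the caption`, would keep a later edit from double-escaping it or from adding a third branch that assigns raw text. The enclosing method starts and ends outside the hunk.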
@@ -405,7 +405,7 @@ abstract class MediaHandler {
 */
 function getShortDesc( $file ) {
 global $wgLang;
- return $wgLang->formatSize( $file->getSize() );
+ return htmlspecialchars( $wgLang->formatSize( $file->getSize() ) );
 }
 /**
@@ -414,7 +414,7 @@ abstract class MediaHandler {
 */
 function getLongDesc( $file ) {
 global $wgLang;
- return wfMessage( 'file-info', $wgLang->formatSize( $file->getSize() ),
+ return wfMessage( 'file-info', htmlspecialchars( $wgLang->formatSize( $file->getSize() ) ),
 $file->getMimeType() )->parse();
 }
@@ -710,7 +710,7 @@ abstract class ImageHandler extends MediaHandler {
 */
 function getShortDesc( $file ) {
 global $wgLang;
- $nbytes = $wgLang->formatSize( $file->getSize() );
+ $nbytes = htmlspecialchars( $wgLang->formatSize( $file->getSize() ) );
 $widthheight = wfMessage( 'widthheight' )->numParams( $file->getWidth(), $file->getHeight() )->escaped();
 return "$widthheight ($nbytes)";
@@ -723,13 +723,14 @@ abstract class ImageHandler extends MediaHandler {
 function getLongDesc( $file ) {
 global $wgLang;
 $pages = $file->pageCount();
+ $size = htmlspecialchars( $wgLang->formatSize( $file->getSize() ) );
 if ( $pages === false || $pages <= 1 ) {
 $msg = wfMessage( 'file-info-size' )->numParams( $file->getWidth(),
- $file->getHeight() )->params( $wgLang->formatSize( $file->getSize() ),
+ $file->getHeight() )->params( $size,
 $file->getMimeType() )->parse();
 } else {
 $msg = wfMessage( 'file-info-size-pages' )->numParams( $file->getWidth(),
- $file->getHeight() )->params( $wgLang->formatSize( $file->getSize() ),
+ $file->getHeight() )->params( $size,
 $file->getMimeType() )->numParams( $pages )->parse();
 }
 return $msg;
diff --git a/includes/specials/SpecialMIMEsearch.php b/includes/specials/SpecialMIMEsearch.php
index 85f1a2e39c..adf2768c35 100644
--- a/includes/specials/SpecialMIMEsearch.php
+++ b/includes/specials/SpecialMIMEsearch.php
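Review bot: In includes/media/Generic.php, `MediaHandler::getShortDesc()` changes its return contract from plain text to HTML-escaped text, and the docblock above it (only its closing `*/` is in the hunk) should state that if it does not already, e.g. `@return string HTML-escaped short description, safe to output as-is`. Handlers that override this method and callers that consume the result are not visible here; without a documented contract an override can keep returning unescaped text, or a caller can escape a second time. The same applies to `ImageHandler::getShortDesc()` in the hunk at line 710.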
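Review bot: In `MediaHandler::getLongDesc()` the size is escaped with `htmlspecialchars()` and then substituted into a message rendered with `->parse()`, so the escaping targets HTML while the value is consumed as wikitext. `htmlspecialchars()` leaves wikitext markup such as `[[` or `{{` untouched, and any entity already present in the formatted string would be double-encoded. Escaping for the context the value actually lands in is safer, for example `wfEscapeWikiText( $wgLang->formatSize( $file->getSize() ) )`; `$file->getMimeType()` goes through the same parse with no escaping at all, and whether it can carry markup is not visible from the hunk. `ImageHandler::getLongDesc()` in the hunk at line 723 passes `$size` to `->parse()` the same way.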
@@ -95,7 +95,7 @@ class MIMEsearchPage extends QueryPage {
 $download = Linker::makeMediaLinkObj( $nt, wfMsgHtml( 'download' ) );
 $lang = $this->getLanguage();
- $bytes = $fileSize = $lang->formatSize( $result->img_size );
+ $bytes = htmlspecialchars( $lang->formatSize( $result->img_size ) );
 $dimensions = htmlspecialchars( wfMsg( 'widthheight', $lang->formatNum( $result->img_width ), $lang->formatNum( $result->img_height )
--
2.20.1
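Review bot: In includes/specials/SpecialMIMEsearch.php the rewritten line drops the `$fileSize` assignment at the same time as it adds the escaping (`$bytes = $fileSize = …` became `$bytes = …`). The rest of the method is outside the hunk, so it is worth confirming that nothing below still reads `$fileSize`; if something does, it would now be undefined. If the variable was simply dead, saying so in the commit message would make the removal clearly intentional.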