Unicodesnowman has uploaded a new change for review.
https://gerrit.wikimedia.org/r/184211
Change subject: Escape unescaped messages in Special:AdminLinks
......................................................................
Escape unescaped messages in Special:AdminLinks
ALSection has been changed to escape the section name.
ALItem now always escapes the $desc/$label, as Linker::link() doesn't
escape the description/html.
Fixed a few instances where wfMessage had no specified output mode.
Bug: T85864
Change-Id: Ifd697a0bd75643266c707a9e2181e72c82f478bf
---
M AdminLinks_body.php
1 file changed, 17 insertions(+), 7 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/AdminLinks
refs/changes/11/184211/1
diff --git a/AdminLinks_body.php b/AdminLinks_body.php
index 1a45938..96ae9d9 100644
--- a/AdminLinks_body.php
+++ b/AdminLinks_body.php
@@ -28,8 +28,14 @@
'Sidebar',
$this->msg( 'adminlinks_editsidebar' )->text()
) );
- $main_row->addItem( ALItem::newFromEditLink( 'Common.css',
$this->msg( 'adminlinks_editcss' ) ) );
- $main_row->addItem( ALItem::newFromEditLink( 'Mainpage',
$this->msg( 'adminlinks_editmainpagename' ) ) );
+ $main_row->addItem( ALItem::newFromEditLink(
+ 'Common.css',
+ $this->msg( 'adminlinks_editcss' )->text()
+ ) );
+ $main_row->addItem( ALItem::newFromEditLink(
+ 'Mainpage',
+ $this->msg( 'adminlinks_editmainpagename' )->text()
+ ) );
$general_section->addRow( $main_row );
$tree->addSection( $general_section );
@@ -199,7 +205,8 @@
}
function toString() {
- $text = ' <h2 class="mw-specialpagesgroup">' .
$this->header . "</h2>\n";
+ $text = ' <h2 class="mw-specialpagesgroup">' .
htmlspecialchars( $this->header,
+ ENT_QUOTES ) . "</h2>\n";
foreach ( $this->rows as $row ) {
$text .= $row->toString();
}
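Review bot: Escaping `$this->header` inside `toString()` changes the section header from an HTML value to a plain-text value, and nothing in the new code documents that. Any caller that already passes an escaped or parsed message as the header would now show literal entities (double escaping); the constructor and its callers are outside this hunk, so this needs checking. I would add a comment on the property such as `// Plain text; escaped on output in toString()`. Consider also `Html::element( 'h2', array( 'class' => 'mw-specialpagesgroup' ), $this->header )` so the escaping is not hand-rolled.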
@@ -262,7 +269,8 @@
} else {
$title = Title::newFromText( $page_name_or_title );
}
- $item->text = Linker::linkKnown( $title, $desc, array(), $query
);
+ $item->text = Linker::linkKnown( $title, htmlspecialchars(
$desc, ENT_QUOTES ),
+ array(), $query );
return $item;
}
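Review bot: `htmlspecialchars( $desc, ENT_QUOTES )` turns a null `$desc` into an empty string. If this factory lets the description be omitted (its signature is outside the hunk), `Linker::linkKnown()` would receive `''` instead of null and would presumably stop falling back to the title text, leaving a link with no visible label. Keep null as null: `$html = $desc === null ? null : htmlspecialchars( $desc, ENT_QUOTES );` and pass `$html` as the second argument.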
@@ -270,7 +278,8 @@
$item = new ALItem();
$item->label = $page_name;
$page = SpecialPageFactory::getPage( $page_name );
- $item->text = Linker::linkKnown( $page->getTitle(),
$page->getDescription() );
+ $item->text = Linker::linkKnown( $page->getTitle(),
+ htmlspecialchars( $page->getDescription(), ENT_QUOTES )
);
return $item;
}
@@ -279,14 +288,15 @@
$item->label = $page_name;
$title = Title::makeTitleSafe( NS_MEDIAWIKI, $page_name );
$edit_link = $title->getFullURL( 'action=edit' );
- $item->text = "<a href=\"$edit_link\">$desc</a>";
+ $item->text = "<a href=\"$edit_link\">" . htmlspecialchars(
$desc, ENT_QUOTES ) . "</a>";
return $item;
}
static function newFromExternalLink( $url, $label ) {
$item = new ALItem();
$item->label = $label;
- $item->text = "<a class=\"external text\" rel=\"nofollow\"
href=\"$url\">$label</a>";
+ $item->text = "<a class=\"external text\" rel=\"nofollow\"
href=\"$url\">" .
+ htmlspecialchars( $label, ENT_QUOTES ) . "</a>";
return $item;
}
}
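Review bot: The link text is now escaped in both factories, but the `href` values are still interpolated raw: `$url` in `newFromExternalLink()` and `$edit_link` in `newFromEditLink()`. A `$url` containing a double quote would close the attribute early, so the markup stays injectable wherever the URL is not fully trusted, and the `&` in an edit URL produces invalid HTML. Escape the attribute value as well, e.g. `href=\"" . htmlspecialchars( $url, ENT_QUOTES ) . "\">`, or build both anchors with `Html::element( 'a', array( 'href' => $url ), $label )`. Escaping does not constrain the URL scheme, so callers passing untrusted URLs would still need a protocol check.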
--
To view, visit https://gerrit.wikimedia.org/r/184211
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifd697a0bd75643266c707a9e2181e72c82f478bf
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/AdminLinks
Gerrit-Branch: master
Gerrit-Owner: Unicodesnowman <[email protected]>