jenkins-bot has submitted this change and it was merged.
Change subject: Escape unescaped messages in Special:CreateClass
......................................................................
Escape unescaped messages in Special:CreateClass
Bug: T85864
Change-Id: I6e6cdaf7a6fd926f66d57145932234fa6405bb30
---
M includes/SF_Utils.php
M specials/SF_CreateClass.php
M specials/SF_CreateTemplate.php
3 files changed, 16 insertions(+), 12 deletions(-)
Approvals:
Yaron Koren: Checked; Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/SF_Utils.php b/includes/SF_Utils.php
index 29a4383..4c59d38 100644
--- a/includes/SF_Utils.php
+++ b/includes/SF_Utils.php
@@ -14,7 +14,8 @@
*/
public static function linkForSpecialPage( $specialPageName ) {
$specialPage = SpecialPageFactory::getPage( $specialPageName );
- return Linker::link( $specialPage->getTitle(),
$specialPage->getDescription() );
+ return Linker::link( $specialPage->getTitle(),
+ htmlspecialchars( $specialPage->getDescription() ) );
}
/**
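Review bot: The new `htmlspecialchars()` call in `linkForSpecialPage` has no comment saying why it is needed, so a later cleanup could drop it as redundant. The second argument of `Linker::link()` is emitted as raw HTML, and the description presumably comes from an interface message that wiki administrators can edit (that part is outside this hunk). I would add a line above the return such as `// Linker::link() takes raw HTML for the link text; the description is message text, so escape it here.` The docblock for this method starts above the hunk, so the same sentence could go there instead.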
diff --git a/specials/SF_CreateClass.php b/specials/SF_CreateClass.php
index b4a1074..d2dcc44 100644
--- a/specials/SF_CreateClass.php
+++ b/specials/SF_CreateClass.php
@@ -214,15 +214,18 @@
$creation_links[] = SFUtils::linkForSpecialPage(
'CreateCategory' );
$form_name_label = wfMessage( 'sf_createclass_nameinput'
)->text();
$category_name_label = wfMessage( 'sf_createcategory_name'
)->text();
- $field_name_label = wfMessage( 'sf_createtemplate_fieldname'
)->text();
- $list_of_values_label = wfMessage(
'sf_createclass_listofvalues' )->text();
- $property_name_label = wfMessage( 'sf_createproperty_propname'
)->text();
- $type_label = wfMessage( 'sf_createproperty_proptype' )->text();
- $allowed_values_label = wfMessage(
'sf_createclass_allowedvalues' )->text();
+ $field_name_label = wfMessage( 'sf_createtemplate_fieldname'
)->escaped();
+ $list_of_values_label = wfMessage(
'sf_createclass_listofvalues' )->escaped();
+ $property_name_label = wfMessage( 'sf_createproperty_propname'
)->escaped();
+ $type_label = wfMessage( 'sf_createproperty_proptype'
)->escaped();
+ $allowed_values_label = wfMessage(
'sf_createclass_allowedvalues' )->escaped();
$text = '<form action="" method="post">' . "\n";
- $text .= "\t" . Html::rawElement( 'p', null, wfMessage(
'sf_createclass_docu', $wgLang->listToText( $creation_links ) )->text() ) .
"\n";
- $templateNameLabel = wfMessage( 'sf_createtemplate_namelabel'
)->text();
+ $text .= "\t" . Html::rawElement( 'p', null,
+ wfMessage( 'sf_createclass_docu' )
+ ->rawParams( $wgLang->listToText(
$creation_links ) )
+ ->escaped() ) . "\n";
+ $templateNameLabel = wfMessage( 'sf_createtemplate_namelabel'
)->escaped();
$templateNameInput = Html::input( 'template_name', null,
'text', array( 'size' => 30 ) );
$text .= "\t" . Html::rawElement( 'p', null, $templateNameLabel
. ' ' . $templateNameInput ) . "\n";
$templateInfo = SFCreateTemplate::printTemplateStyleInput(
'template_format' );
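Review bot: `->rawParams( $wgLang->listToText( $creation_links ) )` marks the whole joined list as trusted HTML, but only the individual links are known to be escaped (by the `linkForSpecialPage` change in this commit). If `listToText()` builds its separators from interface messages without escaping them, which I believe it does but cannot see from this hunk, that text still reaches the page raw. Please confirm this; if so, join the links with separators taken through `->escaped()`. Otherwise add a comment above the call, for example `// $creation_links is Linker output; listToText() separators verified as HTML-safe`. The enclosing method begins and ends outside this hunk.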
@@ -232,7 +235,7 @@
'name' => 'template_multiple',
'id' => 'template_multiple',
'onclick' => "disableFormAndCategoryInputs()",
- ) ) . ' ' . wfMessage(
'sf_createtemplate_multipleinstance' )->text() ) . "\n";
+ ) ) . ' ' . wfMessage(
'sf_createtemplate_multipleinstance' )->escaped() ) . "\n";
// Either #set_internal or #subobject will be added to the
// template, depending on whether Semantic Internal Objects is
// installed.
@@ -243,7 +246,7 @@
'id' => 'connecting_property_div',
'style' => 'display: none;',
),
- wfMessage(
'sf_createtemplate_connectingproperty' )->text() . "\n" .
+ wfMessage(
'sf_createtemplate_connectingproperty' )->escaped() . "\n" .
Html::element( 'input', array(
'type' => 'text',
'name' => 'connecting_property',
@@ -254,7 +257,7 @@
$text .= "\t" . Html::rawElement( 'p', null, Html::element(
'label', array( 'for' => 'form_name' ), $form_name_label ) . ' ' .
Html::element( 'input', array( 'size' => '30', 'name' => 'form_name', 'id' =>
'form_name' ), null ) ) . "\n";
$text .= "\t" . Html::rawElement( 'p', null, Html::element(
'label', array( 'for' => 'category_name' ), $category_name_label ) . ' ' .
Html::element( 'input', array( 'size' => '30', 'name' => 'category_name', 'id'
=> 'category_name' ), null ) ) . "\n";
$text .= "\t" . Html::element( 'br', null, null ) . "\n";
- $property_label = wfMessage( 'smw_pp_type' )->text();
+ $property_label = wfMessage( 'smw_pp_type' )->escaped();
$text .= <<<END
<div>
<table id="mainTable" style="border-collapse: collapse;">
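Review bot: After this commit the label variables use two different escaping conventions with nothing to tell them apart. `$form_name_label` and `$category_name_label` stay `->text()` and are passed to `Html::element( 'label', ... )`, which escapes its content. `$property_label` and the other `->escaped()` labels are presumably interpolated into the heredoc that opens on the `$text .= <<<END` line and continues past the end of this hunk. A short comment would stop someone from "fixing" the first group into double-escaped output or reverting the second. I would add above `$property_label`: `// Pre-escaped: interpolated directly into the raw HTML heredoc below. Labels passed to Html::element() stay ->text().`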
diff --git a/specials/SF_CreateTemplate.php b/specials/SF_CreateTemplate.php
index cfae77d..b8cf60b 100644
--- a/specials/SF_CreateTemplate.php
+++ b/specials/SF_CreateTemplate.php
@@ -170,7 +170,7 @@
static function printTemplateStyleInput( $htmlFieldName, $curSelection
= null ) {
if ( !$curSelection ) $curSelection = 'standard';
- $text = "\t<p>" . wfMessage( 'sf_createtemplate_outputformat'
)->text() . "\n";
+ $text = "\t<p>" . wfMessage( 'sf_createtemplate_outputformat'
)->escaped() . "\n";
$text .= self::printTemplateStyleButton( 'standard',
'sf_createtemplate_standardformat', $htmlFieldName, $curSelection );
$text .= self::printTemplateStyleButton( 'infobox',
'sf_createtemplate_infoboxformat', $htmlFieldName, $curSelection );
$text .= self::printTemplateStyleButton( 'plain',
'sf_createtemplate_plainformat', $htmlFieldName, $curSelection );
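Review bot: Only the `sf_createtemplate_outputformat` message is escaped in `printTemplateStyleInput`; the three `printTemplateStyleButton()` calls below it pass message keys (`sf_createtemplate_standardformat` and the others) whose rendering is outside this hunk. If that helper concatenates `->text()` into the markup the same way this line did, the output still contains unescaped message text and the fix is partial. Please check `printTemplateStyleButton` and either switch it to `->escaped()` or note in its docblock that it returns escaped HTML. The body of `printTemplateStyleInput` continues past the end of the hunk.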
--
To view, visit https://gerrit.wikimedia.org/r/184281
Gerrit-MessageType: merged
Gerrit-Change-Id: I6e6cdaf7a6fd926f66d57145932234fa6405bb30
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/SemanticForms
Gerrit-Branch: master
Gerrit-Owner: M4tx <[email protected]>
Gerrit-Reviewer: M4tx <[email protected]>
Gerrit-Reviewer: Nikerabbit <[email protected]>
Gerrit-Reviewer: Yaron Koren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>