jenkins-bot has submitted this change and it was merged.
Change subject: Add missing htmlspecialchars to DiffView
......................................................................
Add missing htmlspecialchars to DiffView
Change-Id: Iac99793acfb5aea90932c55345db6890f995e46b
---
M repo/includes/Diff/DiffView.php
M repo/tests/phpunit/includes/Diff/DiffViewTest.php
2 files changed, 15 insertions(+), 6 deletions(-)
Approvals:
JanZerebecki: Looks good to me, approved
jenkins-bot: Verified
diff --git a/repo/includes/Diff/DiffView.php b/repo/includes/Diff/DiffView.php
index d2bbe44..5517a70 100644
--- a/repo/includes/Diff/DiffView.php
+++ b/repo/includes/Diff/DiffView.php
@@ -15,8 +15,6 @@
use SiteStore;
use Wikibase\DataModel\Entity\ItemId;
use Wikibase\Lib\EntityIdFormatter;
-use Wikibase\Lib\Store\EntityRevisionLookup;
-use Wikibase\Lib\Store\EntityTitleLookup;
/**
* Class for generating views of DiffOp objects.
@@ -225,7 +223,7 @@
try {
$itemId = new ItemId( $idString );
} catch ( InvalidArgumentException $ex ) {
- return $idString;
+ return htmlspecialchars( $idString );
}
return $this->entityIdFormatter->formatEntityId( $itemId );
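Review bot: Only the fallback inside the `catch` is escaped; the value returned by `$this->entityIdFormatter->formatEntityId( $itemId )` two lines later is passed through unchanged, and the hunk does not show whether that formatter yields HTML or plain text. If it can return plain text (a label, for instance), that branch needs the same `htmlspecialchars()` call, otherwise the method returns HTML on one path and raw text on the other. A docblock line such as `@return string HTML` on the method would make the output contract explicit for callers. The enclosing method starts and ends outside the hunk, so its signature and any existing docblock are not visible here.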
diff --git a/repo/tests/phpunit/includes/Diff/DiffViewTest.php
b/repo/tests/phpunit/includes/Diff/DiffViewTest.php
index 5798bbe..6f27be3 100644
--- a/repo/tests/phpunit/includes/Diff/DiffViewTest.php
+++ b/repo/tests/phpunit/includes/Diff/DiffViewTest.php
@@ -139,18 +139,29 @@
$this->assertRegExp( $pattern, $html, 'Diff table content line'
);
}
- public function testGivenInvalidBadgeId_getHtmlDoesNotThrowException() {
+ /**
+ * @dataProvider invalidBadgeIdProvider
+ * @param string $badgeId
+ */
+ public function testGivenInvalidBadgeId_getHtmlDoesNotThrowException(
$badgeId ) {
$path = array(
wfMessage( 'wikibase-diffview-link' )->text(),
'enwiki',
'badges'
);
- $diff = new Diff( array( new DiffOpAdd( 'invalidBadgeId' ) ) );
+ $diff = new Diff( array( new DiffOpAdd( $badgeId ) ) );
$diffView = $this->getDiffView( $path, $diff );
$html = $diffView->getHtml();
- $this->assertContains( 'invalidBadgeId', $html );
+ $this->assertContains( htmlspecialchars( $badgeId ), $html );
+ }
+
+ public function invalidBadgeIdProvider() {
+ return array(
+ array( 'invalidBadgeId' ),
+ array( '<a>injection</a>' ),
+ );
}
}
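Review bot: `assertContains( htmlspecialchars( $badgeId ), $html )` derives the expected value from the same function the fix calls and never checks that the raw markup is absent, so output holding both the escaped and the unescaped string would still pass. Let the provider supply the expected literal, e.g. `array( '<a>injection</a>', '&lt;a&gt;injection&lt;/a&gt;' )`, and for the markup case also assert `$this->assertNotContains( '<a>injection</a>', $html );`. A provider row containing `"` and `&` would additionally pin the escaping of characters that matter in attribute context. The method name still says only `getHtmlDoesNotThrowException`, which no longer describes what is being asserted.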
--
To view, visit https://gerrit.wikimedia.org/r/192533
Gerrit-MessageType: merged
Gerrit-Change-Id: Iac99793acfb5aea90932c55345db6890f995e46b
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: Thiemo Mättig (WMDE) <[email protected]>
Gerrit-Reviewer: Adrian Lang <[email protected]>
Gerrit-Reviewer: Hoo man <[email protected]>
Gerrit-Reviewer: JanZerebecki <[email protected]>
Gerrit-Reviewer: Thiemo Mättig (WMDE) <[email protected]>
Gerrit-Reviewer: jenkins-bot <>