CSteipp has uploaded a new change for review.

Change subject: (bug 42202) Validate preference values in action=options
......................................................................

(bug 42202) Validate preference values in action=options

Previously, there was no validation whatsoever and the module would
happily write any preference you asked it to. This, combined with the
fact that the code using the 'editfont' preference didn't perform any
validation or escaping, led to a CSS injection vulnerability.

Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
---
M includes/api/ApiOptions.php
1 file changed, 26 insertions(+), 9 deletions(-)

  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/75/36075/1

--
To view, visit https://gerrit.wikimedia.org/r/36075

Gerrit-MessageType: newchange
Gerrit-Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_20
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: Catrope <[email protected]>
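
The two gaps the commit message names (no check when the preference is written, no check or escaping when it is used), as an added PHP illustration that is not the code from this change or from MediaWiki. The function names, the allowlist and its values, and the sample inputs are all assumptions constructed for the example.

```php
<?php
// Added illustration; not MediaWiki code. Every name and value here is hypothetical.

// Assumed allowlist: each known preference maps to the values it may take.
const ALLOWED_PREFS = [
    'editfont' => ['default', 'monospace', 'sans-serif', 'serif'],
];

// "Before": the stored value is concatenated into a stylesheet unchecked,
// so whatever was written to the preference becomes part of the CSS.
function editFontCssUnsafe(string $value): string {
    return "textarea { font-family: $value; }";
}

// Write-time check: reject unknown keys, non-strings and values outside the allowlist.
function validatePreference(string $key, $value): bool {
    return is_string($value)
        && array_key_exists($key, ALLOWED_PREFS)
        && in_array($value, ALLOWED_PREFS[$key], true);
}

// Use-time check: the consumer validates again, so a value stored before
// write-time validation existed still cannot reach the stylesheet.
function editFontCssSafe(string $value): string {
    if (!validatePreference('editfont', $value) || $value === 'default') {
        return '';
    }
    return "textarea { font-family: $value; }";
}

// Constructed sample inputs: one legitimate value, one that closes the
// declaration and starts a rule of its own.
$samples = ['monospace', 'serif; } body { display: none'];

foreach ($samples as $v) {
    $ok = validatePreference('editfont', $v) ? 'yes' : 'no';
    echo json_encode($v), " accepted=$ok\n";
    echo "  unsafe: ", editFontCssUnsafe($v), "\n";
    echo "  safe:   ", editFontCssSafe($v) ?: '(nothing emitted)', "\n";
}
```

Checking at both points matters because values stored before the write path was fixed remain in the database.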
