Ananay has uploaded a new change for review.
https://gerrit.wikimedia.org/r/261178
Change subject: Fix several escaping issues
......................................................................
Fix several escaping issues
Bug: T114274
Change-Id: I15badc3595bb4f4594f46949bb4f53dfd8f51e18
---
M includes/views/Collection.php
M includes/views/Image.php
M includes/views/NoPublic.php
M includes/views/NotFound.php
4 files changed, 13 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Gather
refs/changes/78/261178/1
diff --git a/includes/views/Collection.php b/includes/views/Collection.php
index a2eb4b7..6018b16 100644
--- a/includes/views/Collection.php
+++ b/includes/views/Collection.php
@@ -121,7 +121,7 @@
public function getEditButtonHtml() {
$id = $this->collection->getId();
// Do not edit watchlist
- if ( $id !== 0 && $this->collection->isOwner( $this->user ) ) {
+ if ( $id !== 0 && is_numeric($id) &&
$this->collection->isOwner( $this->user ) ) {
return Html::element( 'a', array(
// FIXME: This should work without JavaScript
'href' => '#/edit-collection/' . $id,
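Review bot: `is_numeric($id)` in the new condition is a loose guard: it accepts `"1e3"`, `" 7"`, `"-1"` and `"0.5"`, none of which is a collection id, while the existing `$id !== 0` only rejects the integer zero. If `getId()` can return a numeric string (not visible here), `ctype_digit( (string)$id )` or `is_int( $id ) && $id > 0` states the intended "positive integer id" check directly. Since `Html::element` attribute-escapes `href`, the issue this guards against is a malformed `#/edit-collection/` fragment rather than HTML injection, so a why-comment would help: `// only real (positive integer) collection ids get an edit link`. Style: MediaWiki conventions put spaces inside call parentheses, `is_numeric( $id )`, as the surrounding code does.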
diff --git a/includes/views/Image.php b/includes/views/Image.php
index ba2d6b2..92929a0 100644
--- a/includes/views/Image.php
+++ b/includes/views/Image.php
@@ -23,7 +23,15 @@
public function __construct( models\WithImage $item ) {
$this->item = $item;
}
-
+ /**
+ * Strip special characters from the URL
+ */
+ public function sanitizeURL($url){
+ $url = stripslashes($url);
+ $url = str_replace(")", "", $url);
+ $url = str_replace("'", "", $url);
+ return $url;
+ }
/**
* Get the view html
*/
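Review bot: `sanitizeURL` deletes characters instead of escaping them, so a legitimate thumbnail URL containing `'` or `)` is silently turned into a different URL, while other delimiters that could end a CSS `url()` or an attribute value — `"`, whitespace, and `\` (which `stripslashes` only un-doubles) — pass through unchanged. If the `CardImage` template places this value inside a `style` `url(...)` (the template is not visible here), percent-encoding keeps the URL meaning the same for the server while neutralizing the delimiters; the three statements can be replaced by `return str_replace( array( "'", '"', '(', ')', '\\' ), array( '%27', '%22', '%28', '%29', '%5C' ), $url );`. The docblock should say what context the method protects and why, e.g. `* Percent-encode characters that could close a CSS url() or an attribute quote in the CardImage template`. Style: the method is public with no spaces inside its parentheses and uses `URL` where the surrounding API uses `Url` (`wfExpandUrl`); `sanitizeUrl( $url )` would match the file's conventions.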
@@ -40,7 +48,7 @@
$thumb = models\Image::getThumbnail(
$this->item->getFile(), $size );
if ( $thumb && $thumb->getUrl() ) {
$data = array(
- 'url' => wfExpandUrl( $thumb->getUrl(),
PROTO_CURRENT ),
+ 'url' => wfExpandUrl(
$this->sanitizeURL($thumb->getUrl()), PROTO_CURRENT ),
'wide' => $thumb->getWidth() >
$thumb->getHeight(),
);
return Template::render( 'CardImage', $data );
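Review bot: The escaping is applied to the data value passed in `$data['url']` rather than at the point where `CardImage` interpolates it, so only this caller is protected; any other code that renders `CardImage` with its own `url` (none is visible in this diff) would still emit the raw value. Context-specific escaping belongs in the template or in the rendering step, with `$thumb->getUrl()` kept as plain data here. If the value must stay encoded at this site, a why-comment makes the coupling visible: `// encoded so the URL cannot break out of the template's CSS url()/attribute context`.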
diff --git a/includes/views/NoPublic.php b/includes/views/NoPublic.php
index 86a0da2..c8facc7 100644
--- a/includes/views/NoPublic.php
+++ b/includes/views/NoPublic.php
@@ -34,7 +34,7 @@
public function getHtml( $data = array() ) {
$html = Html::openElement( 'div', array( 'class' => 'collection
not-found content' ) );
$html .= Html::element( 'span', array( 'class' => 'mw-ui-anchor
mw-ui-destructive' ),
- wfMessage( 'gather-no-public-lists-description'
)->text(), $this->user );
+ wfMessage( 'mobile-frontend-generic-404-desc'
)->escaped(wfMessage( 'gather-no-public-lists-description' )->text()),
$this->user );
$html .= Html::closeElement( 'div' );
return $html;
}
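Review bot: `Html::element()` already HTML-escapes its `$contents`, so wrapping the message in `->escaped()` double-encodes it — an `&`, `<` or `'` in the message text would render as a literal `&amp;` and so on — and the original `->text()` inside `Html::element()` was already safe. `Message::escaped()` also takes no arguments, so the inner `wfMessage( 'gather-no-public-lists-description' )->text()` is silently ignored, and because the outer key was changed to `mobile-frontend-generic-404-desc` this view no longer shows the no-public-lists message at all. Either restore `wfMessage( 'gather-no-public-lists-description' )->text()` with `Html::element`, or use `Html::rawElement( 'span', array( 'class' => 'mw-ui-anchor mw-ui-destructive' ), wfMessage( 'gather-no-public-lists-description' )->escaped() )`. The trailing `$this->user` is a fourth argument to `Html::element`, which takes three, so it is ignored; if it was meant as a message parameter it belongs in `wfMessage( 'gather-no-public-lists-description', $this->user )`.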
diff --git a/includes/views/NotFound.php b/includes/views/NotFound.php
index 2eeab10..3a99246 100644
--- a/includes/views/NotFound.php
+++ b/includes/views/NotFound.php
@@ -26,7 +26,7 @@
// FIXME: Showing generic not found error right now. Show user
not found instead
$html = Html::openElement( 'div', array( 'class' => 'collection
not-found content' ) );
$html .= Html::element( 'span', array( 'class' => 'mw-ui-anchor
mw-ui-destructive' ),
- wfMessage( 'mobile-frontend-generic-404-desc' )->text()
);
+ wfMessage( 'mobile-frontend-generic-404-desc'
)->escaped(wfMessage( 'mobile-frontend-generic-404-desc' )->text()) );
$html .= Html::closeElement( 'div' );
return $html;
}
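Review bot: `Html::element()` HTML-escapes its `$contents` itself, so `->escaped()` here double-encodes the message — any `&`, `<` or `'` in the message text would be shown as a literal entity — and the removed `->text()` was the correct form for `Html::element`. `Message::escaped()` takes no parameters, so the argument `wfMessage( 'mobile-frontend-generic-404-desc' )->text()` is silently ignored and only obscures the intent. Either revert to `wfMessage( 'mobile-frontend-generic-404-desc' )->text()` with `Html::element`, or switch the container to `Html::rawElement( 'span', array( 'class' => 'mw-ui-anchor mw-ui-destructive' ), wfMessage( 'mobile-frontend-generic-404-desc' )->escaped() )` so exactly one layer escapes. The FIXME about showing a generic error rather than "user not found" still applies after this change.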
--
To view, visit https://gerrit.wikimedia.org/r/261178
Gerrit-MessageType: newchange
Gerrit-Change-Id: I15badc3595bb4f4594f46949bb4f53dfd8f51e18
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Gather
Gerrit-Branch: dev
Gerrit-Owner: Ananay <[email protected]>