jenkins-bot has submitted this change and it was merged.
Change subject: Fix several escaping issues
......................................................................
Fix several escaping issues
Bug: T114274
Change-Id: I15badc3595bb4f4594f46949bb4f53dfd8f51e18
---
M includes/views/Collection.php
M includes/views/Image.php
M includes/views/NoPublic.php
M includes/views/NotFound.php
4 files changed, 15 insertions(+), 5 deletions(-)
Approvals:
Jdlrobson: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/views/Collection.php b/includes/views/Collection.php
index a2eb4b7..5ac461f 100644
--- a/includes/views/Collection.php
+++ b/includes/views/Collection.php
@@ -121,7 +121,7 @@
public function getEditButtonHtml() {
$id = $this->collection->getId();
// Do not edit watchlist
- if ( $id !== 0 && $this->collection->isOwner( $this->user ) ) {
+ if ( $id !== 0 && is_numeric( $id ) &&
$this->collection->isOwner( $this->user ) ) {
return Html::element( 'a', array(
// FIXME: This should work without JavaScript
'href' => '#/edit-collection/' . $id,
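Review bot: `is_numeric( $id )` in the new condition is a loose check — it also accepts strings such as `'1e3'`, `' 42'` and `'4.5'`, so it does not guarantee that what is appended in `'#/edit-collection/' . $id` is a plain integer id. If `getId()` returns an int, `is_int( $id )` states the intent directly; if it may be a numeric string, `ctype_digit( (string)$id )` rejects the exponent, sign, whitespace and decimal forms. Since `Html::element` already escapes attribute values, this check is input validation rather than escaping, and a comment such as `// Only integer collection ids get an edit link; the watchlist (id 0) has none` would make that explicit. getEditButtonHtml continues outside the hunk.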
diff --git a/includes/views/Image.php b/includes/views/Image.php
index ba2d6b2..8a76142 100644
--- a/includes/views/Image.php
+++ b/includes/views/Image.php
@@ -23,7 +23,17 @@
public function __construct( models\WithImage $item ) {
$this->item = $item;
}
-
+ /**
+ * Strip special characters for use in CSS background image url
+ * @param string $url the url to be sanitized
+ * @return string
+ */
+ public function sanitizeURL( $url ) {
+ $url = stripslashes( $url );
+ $url = str_replace( ")", "", $url );
+ $url = str_replace( "'", "", $url );
+ return $url;
+ }
/**
* Get the view html
*/
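Review bot: `stripslashes()` on the first line of sanitizeURL unescapes rather than removes backslashes — `stripslashes( '\\\\' )` yields a single `\` — and a double quote is not stripped at all, so a URL can still carry `\` or `"` into the CSS `url()` token. Replacing the three statements with `$url = str_replace( array( '\\', ')', "'", '"' ), '', $url );` removes all four characters reliably. The docblock should also name the context the result is safe for, e.g. `Remove the characters that terminate a CSS url() token; callers must still HTML-escape the value when placing it in a style attribute`, since "special characters" alone invites reuse in other contexts. The method does not use `$this` and could be declared `static`.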
@@ -40,7 +50,7 @@
$thumb = models\Image::getThumbnail(
$this->item->getFile(), $size );
if ( $thumb && $thumb->getUrl() ) {
$data = array(
- 'url' => wfExpandUrl( $thumb->getUrl(),
PROTO_CURRENT ),
+ 'url' => wfExpandUrl(
$this->sanitizeURL( $thumb->getUrl() ), PROTO_CURRENT ),
'wide' => $thumb->getWidth() >
$thumb->getHeight(),
);
return Template::render( 'CardImage', $data );
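Review bot: The new `'url'` entry is sanitized before `wfExpandUrl()`, but whether the value is safe is decided by the CardImage template, which is outside this hunk: sanitizeURL only drops the characters that close a CSS `url()` token, so the template must still HTML-escape `url` when it emits it inside a `style` attribute — confirm it does not use a raw/unescaped placeholder for it. A comment at the call site, e.g. `// sanitizeURL strips url() terminators; the template must attribute-escape the rest`, would record that split of responsibility. The enclosing method starts outside the hunk.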
diff --git a/includes/views/NoPublic.php b/includes/views/NoPublic.php
index 86a0da2..78f97f9 100644
--- a/includes/views/NoPublic.php
+++ b/includes/views/NoPublic.php
@@ -34,7 +34,7 @@
public function getHtml( $data = array() ) {
$html = Html::openElement( 'div', array( 'class' => 'collection
not-found content' ) );
$html .= Html::element( 'span', array( 'class' => 'mw-ui-anchor
mw-ui-destructive' ),
- wfMessage( 'gather-no-public-lists-description'
)->text(), $this->user );
+ wfMessage( 'gather-no-public-lists-description'
)->escaped(), $this->user );
$html .= Html::closeElement( 'div' );
return $html;
}
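Review bot: The switch from `->text()` to `->escaped()` on the changed lines double-escapes the message, because `Html::element()` already HTML-escapes its `$contents` argument — an `&` or `<` in the message text now renders as `&amp;amp;` or `&amp;lt;`. Either keep `->text()` with `Html::element`, or pair `->escaped()` with the raw variant: `Html::rawElement( 'span', array( 'class' => 'mw-ui-anchor mw-ui-destructive' ), wfMessage( 'gather-no-public-lists-description' )->escaped() )`. The trailing `$this->user` on the same line is a fourth argument that `Html::element` does not declare and is silently ignored. The same double-escaping applies to the NotFound.php hunk (`mobile-frontend-generic-404-desc`).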
diff --git a/includes/views/NotFound.php b/includes/views/NotFound.php
index 2eeab10..9d0e0c1 100644
--- a/includes/views/NotFound.php
+++ b/includes/views/NotFound.php
@@ -26,7 +26,7 @@
// FIXME: Showing generic not found error right now. Show user
not found instead
$html = Html::openElement( 'div', array( 'class' => 'collection
not-found content' ) );
$html .= Html::element( 'span', array( 'class' => 'mw-ui-anchor
mw-ui-destructive' ),
- wfMessage( 'mobile-frontend-generic-404-desc' )->text()
);
+ wfMessage( 'mobile-frontend-generic-404-desc'
)->escaped() );
$html .= Html::closeElement( 'div' );
return $html;
}
--
To view, visit https://gerrit.wikimedia.org/r/261178
Gerrit-MessageType: merged
Gerrit-Change-Id: I15badc3595bb4f4594f46949bb4f53dfd8f51e18
Gerrit-PatchSet: 11
Gerrit-Project: mediawiki/extensions/Gather
Gerrit-Branch: dev
Gerrit-Owner: Ananay <[email protected]>
Gerrit-Reviewer: Aklapper <[email protected]>
Gerrit-Reviewer: Ananay <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Jdlrobson <[email protected]>
Gerrit-Reviewer: Legoktm <[email protected]>
Gerrit-Reviewer: Nemo bis <[email protected]>
Gerrit-Reviewer: jenkins-bot <>