[MediaWiki-commits] [Gerrit] mediawiki...SocialProfile[master]: Escape ALL the things!

Fri, 13 Jan 2017 03:15:07 -0800 

Jack Phoenix has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/331966 )

Change subject: Escape ALL the things!
......................................................................

Escape ALL the things!

Change-Id: I42a87c1f29cc35b13914c97d6ca7ed6831fe424d
---
M UserProfile/UserProfilePage.php
1 file changed, 3 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/SocialProfile 
refs/changes/66/331966/1

diff --git a/UserProfile/UserProfilePage.php b/UserProfile/UserProfilePage.php
index d553e2e..e563733 100644
--- a/UserProfile/UserProfilePage.php
+++ b/UserProfile/UserProfilePage.php
@@ -1175,7 +1175,8 @@
                                // Chop down username that gets displayed
                                $user_name = $wgLang->truncate( 
$friend['user_name'], 9, '..' );
 
-                               $output .= "<a href=\"" . htmlspecialchars( 
$user->getFullURL() ) . "\" title=\"{$friend['user_name']}\" rel=\"nofollow\">
+                               $output .= "<a href=\"" . htmlspecialchars( 
$user->getFullURL() ) .
+                                       "\" title=\"" . htmlspecialchars( 
$friend['user_name'] ) . "\" rel=\"nofollow\">
                                        {$avatar->getAvatarURL()}<br />
                                        {$user_name}
                                </a>";
@@ -1799,7 +1800,7 @@
                                $output .= "<div class=\"fanbox-item\">
                                        <div class=\"individual-fanbox\" 
id=\"individualFanbox" . $fanbox['fantag_id'] . "\">
                                                <div 
class=\"show-message-container-profile\" id=\"show-message-container" . 
$fanbox['fantag_id'] . "\">
-                                                       <a class=\"perma\" 
style=\"font-size:8px; color:" . $fanbox['fantag_right_textcolor'] . "\" 
href=\"" . htmlspecialchars( $fantag_title->getFullURL() ) . "\" 
title=\"{$fanbox['fantag_title']}\">" . wfMessage( 'fanbox-perma' )->plain() . 
"</a>
+                                                       <a class=\"perma\" 
style=\"font-size:8px; color:" . $fanbox['fantag_right_textcolor'] . "\" 
href=\"" . htmlspecialchars( $fantag_title->getFullURL() ) . "\" title=\"" . 
htmlspecialchars( $fanbox['fantag_title'] ) . "\">" . wfMessage( 'fanbox-perma' 
)->plain() . "</a>
                                                        <table 
class=\"fanBoxTableProfile\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">
                                                                <tr>
                                                                        <td 
id=\"fanBoxLeftSideOutputProfile\" style=\"color:" . 
$fanbox['fantag_left_textcolor'] . "; font-size:$leftfontsize\" bgcolor=\"" . 
$fanbox['fantag_left_bgcolor'] . "\">" . $fantag_leftside . "</td>

-- 
To view, visit https://gerrit.wikimedia.org/r/331966
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I42a87c1f29cc35b13914c97d6ca7ed6831fe424d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/SocialProfile
Gerrit-Branch: master
Gerrit-Owner: Jack Phoenix <j...@countervandalism.net>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to