[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Fix enhanced RC data attribute sanitizing

[jenkins-bot (Code Review)]

jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/359047 )

Change subject: Fix enhanced RC data attribute sanitizing
......................................................................


Fix enhanced RC data attribute sanitizing

We push 'class' in the attribute array so the hook
can manipulate it, so it needs to be added to the attribute
whitelist as well.

Broken in I6dd006d0b1b0fd35c0020f0f9eea9113eca30b35.

Bug: T167922
Bug: T167535
Change-Id: Ic24400382a9dcbb990e12dfddae4ab7db14553cc
---
M includes/changes/EnhancedChangesList.php
M tests/phpunit/includes/changes/EnhancedChangesListTest.php
2 files changed, 4 insertions(+), 2 deletions(-)

Approvals:
  20after4: Looks good to me, approved
  Bmansurov: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/includes/changes/EnhancedChangesList.php 
b/includes/changes/EnhancedChangesList.php
index 03f63f6..d977457 100644
--- a/includes/changes/EnhancedChangesList.php
+++ b/includes/changes/EnhancedChangesList.php
@@ -686,7 +686,9 @@
                }
                $attribs = $data['attribs'];
                unset( $data['attribs'] );
-               $attribs = wfArrayFilterByKey( $attribs, [ Sanitizer::class, 
'isReservedDataAttribute' ] );
+               $attribs = wfArrayFilterByKey( $attribs, function( $key ) {
+                       return $key === 'class' || 
Sanitizer::isReservedDataAttribute( $key );
+               } );
 
                $line = Html::openElement( 'table', $attribs ) . 
Html::openElement( 'tr' );
                $line .= '<td class="mw-enhanced-rc"><span 
class="mw-enhancedchanges-arrow-space"></span>';
diff --git a/tests/phpunit/includes/changes/EnhancedChangesListTest.php 
b/tests/phpunit/includes/changes/EnhancedChangesListTest.php
index 029d1fe..28818d9 100644
--- a/tests/phpunit/includes/changes/EnhancedChangesListTest.php
+++ b/tests/phpunit/includes/changes/EnhancedChangesListTest.php
@@ -99,7 +99,7 @@
                $enhancedChangesList->recentChangesLine( $recentChange, false );
 
                $html = $enhancedChangesList->endRecentChangesList();
-               $this->assertContains( 'data-mw-revid="5"', $html );
+               $this->assertRegExp( '/data-mw-revid="5" 
class="[^"]*mw-enhanced-rc[^"]*"/', $html );
 
                $recentChange2 = $this->getEditChange( '20131103092253' );
                $enhancedChangesList->recentChangesLine( $recentChange2, false 
);

-- 
To view, visit https://gerrit.wikimedia.org/r/359047
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic24400382a9dcbb990e12dfddae4ab7db14553cc
Gerrit-PatchSet: 6
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: 20after4 <mmod...@wikimedia.org>
Gerrit-Reviewer: Bmansurov <bmansu...@wikimedia.org>
Gerrit-Reviewer: Catrope <r...@wikimedia.org>
Gerrit-Reviewer: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Jackmcbarn <jackmcb...@gmail.com>
Gerrit-Reviewer: Ladsgroup <ladsgr...@gmail.com>
Gerrit-Reviewer: Pmiazga <pmia...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits