Brian Wolff has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/366196 )
Change subject: SECURITY XSS in Special:GlobalGroupPermissions
......................................................................
SECURITY XSS in Special:GlobalGroupPermissions
The group name was not properly escaped.
Issue discovered by Grunny
In master this is fixed by fadb367ad16a228cc
Bug: T134863
Change-Id: Iad7c5bb32d7fb9c38b1781cce00eec8f1e99f321
---
M includes/specials/SpecialGlobalGroupPermissions.php
1 file changed, 3 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/96/366196/1
diff --git a/includes/specials/SpecialGlobalGroupPermissions.php
b/includes/specials/SpecialGlobalGroupPermissions.php
index 7e3c4b0..61eff25 100644
--- a/includes/specials/SpecialGlobalGroupPermissions.php
+++ b/includes/specials/SpecialGlobalGroupPermissions.php
@@ -145,7 +145,7 @@
if ( $editable ) {
$fields['centralauth-editgroup-name'] = Xml::input(
'wpGlobalGroupName', 50, $group );
} else {
- $fields['centralauth-editgroup-name'] = $group;
+ $fields['centralauth-editgroup-name'] =
htmlspecialchars( $group );
}
if( $this->getUser()->isAllowed( 'editinterface' ) ) {
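Review bot: The non-editable branch now escapes `$group`, but nothing in this code states that `$fields` values are emitted as raw HTML, which is the contract the fix relies on and probably why the unescaped assignment went unnoticed. I would add a comment above the first assignment, for example `// $fields values are output as raw HTML; escape any plain text (group names etc.) before assigning`. The enclosing method starts and ends outside this hunk, so the other `$fields` entries it builds cannot be checked from here.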
@@ -153,8 +153,8 @@
$fields['centralauth-editgroup-display'] = $this->msg(
'centralauth-editgroup-display-edit', $group, User::getGroupName( $group )
)->parse();
$fields['centralauth-editgroup-member'] = $this->msg(
'centralauth-editgroup-member-edit', $group, User::getGroupMember( $group )
)->parse();
} else {
- $fields['centralauth-editgroup-display'] =
User::getGroupName( $group );
- $fields['centralauth-editgroup-member'] =
User::getGroupMember( $group );
+ $fields['centralauth-editgroup-display'] =
htmlspecialchars( User::getGroupName( $group ) );
+ $fields['centralauth-editgroup-member'] =
htmlspecialchars( User::getGroupMember( $group ) );
}
$fields['centralauth-editgroup-members'] = $this->msg(
'centralauth-editgroup-members-link', $group, User::getGroupMember( $group )
)->parse();
$fields['centralauth-editgroup-restrictions'] =
$this->buildWikiSetSelector( $group );
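Review bot: The branches that go through `->parse()` still pass `$group` as an ordinary message parameter, so wikitext markup in a group name would be interpreted rather than shown literally. This applies to the `centralauth-editgroup-display-edit` and `centralauth-editgroup-member-edit` messages and to `centralauth-editgroup-members-link` after the else block. The parser presumably strips unsafe HTML, so this is likely not the same XSS, but that is worth confirming. If the name is meant to appear literally, pass `wfEscapeWikiText( $group )` as the parameter instead. The method continues outside the hunk.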
--
To view, visit https://gerrit.wikimedia.org/r/366196
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iad7c5bb32d7fb9c38b1781cce00eec8f1e99f321
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Brian Wolff <[email protected]>