Fomafix has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/390223 )
Change subject: thumb.php: Set ENT_NOQUOTES for htmlspecialchars ...................................................................... thumb.php: Set ENT_NOQUOTES for htmlspecialchars There is no need to escape double quotes in content of HTML and in HTML comments. ENT_NOQUOTES escapes '<', '>', '&' but not "'" and '"'. https://secure.php.net/manual/en/function.htmlspecialchars.php Change-Id: I7146df9582fc1d9742b9e1b0e4f03d7c7d2ed91f --- M thumb.php 1 file changed, 4 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/23/390223/1
diff --git a/thumb.php b/thumb.php
index 7c3e757..02ac0b0 100644
--- a/thumb.php
+++ b/thumb.php
@@ -572,7 +572,7 @@
 * @return void
 */
 function wfThumbErrorText( $status, $msgText ) {
- wfThumbError( $status, htmlspecialchars( $msgText ) );
+ wfThumbError( $status, htmlspecialchars( $msgText, ENT_NOQUOTES ) );
 }

 /**
@@ -602,9 +602,10 @@
 if ( $wgShowHostnames ) {
 header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() );
 $url = htmlspecialchars(
- isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : ''
+ isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
+ ENT_NOQUOTES
 );
- $hostname = htmlspecialchars( wfHostname() );
+ $hostname = htmlspecialchars( wfHostname(), ENT_NOQUOTES );
 $debug = "<!-- $url -->\n<!-- $hostname -->\n";
 } else {
 $debug = '';
-- To view, visit https://gerrit.wikimedia.org/r/390223 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7146df9582fc1d9742b9e1b0e4f03d7c7d2ed91f Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Fomafix <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
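Review bot: With `ENT_NOQUOTES` the string that `wfThumbErrorText()` hands to `wfThumbError()` is safe only as element content, and nothing visible in the hunk records that restriction. The part of `wfThumbError()` that places the message in the page is outside this hunk, so it cannot be confirmed from here that the value never reaches an attribute value, where unescaped `"` and `'` would matter. The docblock above the function (it begins outside the hunk) should state the contract, for example `@param string $msgText Plain text; escaped for HTML element content only, quotes are left as-is`.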
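Review bot: `$url` comes from `$_SERVER['REQUEST_URI']`, which the client controls, and is placed inside `<!-- $url -->`, but the code does not say that it relies on `>` being escaped to keep the comment from being closed. `ENT_NOQUOTES` still escapes `>`, so a comment above the `$debug` assignment would be enough, e.g. `// Safe in a comment only because '<', '>' and '&' are escaped; do not reuse $url or $hostname in an attribute`. Since the flags argument is now explicit, consider `ENT_NOQUOTES | ENT_SUBSTITUTE`: without `ENT_SUBSTITUTE`, htmlspecialchars() returns an empty string for input that is invalid in the configured charset, so a malformed request URI would leave an empty debug comment. The enclosing function starts and ends outside the hunk.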
