coren has submitted this change and it was merged.
Change subject: content/status: escape job name
......................................................................
content/status: escape job name
Since job name is user-provided, it's safer to escape it on output.
Change-Id: I1ce1f1caac59fb9e58d2052df6eff947ffee7448
---
M www/content/status.php
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
coren: Verified; Looks good to me, approved
diff --git a/www/content/status.php b/www/content/status.php
index eb72ff4..0a4bf0b 100644
--- a/www/content/status.php
+++ b/www/content/status.php
@@ -134,7 +134,7 @@
continue;
?><TR CLASS="jobline-<?= $j['state'] ?>">
<TD CLASS="jobno"><?= $jobid ?></TD>
- <TD CLASS="jobname"><SPAN><?= $j['name'] ?></SPAN></TD>
+ <TD CLASS="jobname"><SPAN><?= htmlspecialchars($j['name'])
?></SPAN></TD>
<TD CLASS="jobtool"><A HREF="/?list#<?= $j['tool'] ?>"><?=
$j['tool'] ?></A></TD>
<TD CLASS="jobstate"><SPAN><?= ucfirst($j['queue']) ?> / <?=
ucfirst($j['state']) ?></SPAN></TD>
<TD CLASS="jobtime"><SPAN><?= strftime("%F %T", $j['sub'])
?></SPAN></TD>
--
To view, visit https://gerrit.wikimedia.org/r/70631
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I1ce1f1caac59fb9e58d2052df6eff947ffee7448
Gerrit-PatchSet: 1
Gerrit-Project: labs/toollabs
Gerrit-Branch: master
Gerrit-Owner: coren <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
