Henning Snater has uploaded a new change for review.
https://gerrit.wikimedia.org/r/72499
Change subject: Preventing replacing of templates
......................................................................
Prevent {{...}} templates from being expanded in rendered entity labels and page titles
(bug 48567)
Change-Id: Ib5d4bf053e53cd51359624899e494ac116e6122a
---
M lib/WikibaseLib.php
M repo/includes/actions/ViewEntityAction.php
M repo/tests/selenium/item/security_spec.rb
3 files changed, 24 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase
refs/changes/99/72499/1
diff --git a/lib/WikibaseLib.php b/lib/WikibaseLib.php
index 5a9fc13..a629888 100644
--- a/lib/WikibaseLib.php
+++ b/lib/WikibaseLib.php
@@ -161,7 +161,9 @@
}
$template = new \Wikibase\Template(
\Wikibase\TemplateRegistry::singleton(), $key, $params );
- return $template->text();
+
+ // Use plain() to prevent replacing {{...}}:
+ return $template->plain();
}
// Resource Loader Modules:
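Review bot: The comment on the `plain()` call should state what the switch gives up, not just what it prevents: `plain()` performs no wikitext transformation at all, so besides leaving `{{...}}` unexpanded it also stops parser functions and anything else `text()` used to apply, which matters if any registered template key relied on them; the function this `return` belongs to starts outside the hunk, so I cannot see which keys it serves. As far as I can tell neither `text()` nor `plain()` HTML-escapes, so escaping of `$params` presumably remains the callers' responsibility and the comment should not read as if this change made the output safe. Suggested replacement for the comment: `// plain() only substitutes $1..$n; unlike text() it performs no wikitext transformation, so {{...}} (and parser functions) in params are not expanded. It does not HTML-escape — callers must still escape untrusted params.`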
diff --git a/repo/includes/actions/ViewEntityAction.php
b/repo/includes/actions/ViewEntityAction.php
index 7482534..902b224 100644
--- a/repo/includes/actions/ViewEntityAction.php
+++ b/repo/includes/actions/ViewEntityAction.php
@@ -226,7 +226,8 @@
)
);
} else {
- $this->getOutput()->setHTMLTitle( $this->msg(
'pagetitle' )->params( $labelText ) );
+ // Prevent replacing {{...}} by using rawParams()
instead of params():
+ $this->getOutput()->setHTMLTitle( $this->msg(
'pagetitle' )->rawParams( $labelText ) );
}
}
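Review bot: `rawParams()` inserts `$labelText` into the message unprocessed, so this branch now relies entirely on whatever renders the HTML title to escape it; the comment should say so rather than only naming the API swap. If the branch that closes at lines 35–36 also passes label-derived text through `params()`, it would need the same treatment — the enclosing method starts outside the hunk, so I cannot confirm either way. Suggested comment: `// $labelText is user-controlled: rawParams() keeps it out of message parsing so {{...}} is not expanded as a template. It is NOT escaped here; the <title> element rendering is relied on to HTML-escape it.`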
diff --git a/repo/tests/selenium/item/security_spec.rb
b/repo/tests/selenium/item/security_spec.rb
index 57dc674..1260ee6 100644
--- a/repo/tests/selenium/item/security_spec.rb
+++ b/repo/tests/selenium/item/security_spec.rb
@@ -9,6 +9,7 @@
require 'spec_helper'
dangerous_text = "<script>$('body').empty();</script>"
+template_text = "{{Template:Foo}}"
describe "Check for security issues" do
before :all do
@@ -68,6 +69,8 @@
page.entityLabelSpan.should == dangerous_text
@browser.refresh
page.firstHeading?.should be_true
+ # Reset property label to prevent conflicts in repeated test runs:
+ page.change_label(generate_random_string(10))
end
end
it "should check if no JS injection is possible for property descriptions"
do
@@ -98,6 +101,22 @@
end
end
end
+ context "Template replacement prevention" do
+ it "should check if templates {{...}} are not replaced" do
+ visit_page(CreateItemPage) do |page|
+ page.create_new_item(generate_random_string(10),
generate_random_string(20))
+ end
+ on_page(ItemPage) do |page|
+ page.navigate_to_item
+ page.wait_for_entity_to_load
+ page.change_label(template_text)
+ page.entityLabelSpan.should == template_text
+ @browser.refresh
+ page.entityLabelSpan.should == template_text
+ @browser.title.include?(template_text).should be_true
+ end
+ end
+ end
after :all do
# tear down
end
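Review bot: The new example only exercises the item label and the page title, while the `plain()` change in WikibaseLib.php presumably affects every field rendered through those templates; a description or alias case (and a property page, as the JS-injection examples above cover) would pin that down. `{{Template:Foo}}` detects expansion only because no such template exists on the test wiki; a magic word such as `{{CURRENTYEAR}}` expands unconditionally, so `template_text = "{{CURRENTYEAR}}"` makes the assertion independent of wiki content. Unlike the preceding JS-injection example, the label is not reset afterwards — mirroring its `page.change_label(generate_random_string(10))` avoids a duplicate-label conflict on repeated runs.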
--
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib5d4bf053e53cd51359624899e494ac116e6122a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: Henning Snater <[email protected]>