[MediaWiki-commits] [Gerrit] Escaping titles on revision history and diff pages - change (mediawiki...Wikibase)

Henning Snater (Code Review) Mon, 28 Oct 2013 07:23:01 -0700

Henning Snater has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/92308



Change subject: Escaping titles on revision history and diff pages
......................................................................

Escaping titles on revision history and diff pages

(bug 52706)
Escaping entity labels on revision history and diff pages.

Change-Id: If6cf937596053ed298c350e5371b8dc6c9bb56cd
---
M repo/includes/actions/HistoryEntityAction.php
M repo/includes/actions/ViewEntityAction.php
2 files changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase 
refs/changes/08/92308/1

diff --git a/repo/includes/actions/HistoryEntityAction.php 
b/repo/includes/actions/HistoryEntityAction.php
index 4193053..3bb4fd8 100644
--- a/repo/includes/actions/HistoryEntityAction.php
+++ b/repo/includes/actions/HistoryEntityAction.php
@@ -87,7 +87,7 @@
 
                if ( isset( $labelText ) ) {
                        return $this->msg( 'wikibase-history-title-with-label' )
-                               ->rawParams( $prefixedId, $labelText )->text();
+                               ->rawParams( $prefixedId, htmlspecialchars( 
$labelText ) )->text();
                }
                else {
                        return $this->msg( 
'wikibase-history-title-without-label' )
diff --git a/repo/includes/actions/ViewEntityAction.php 
b/repo/includes/actions/ViewEntityAction.php
index fb6fa1a..e6231af 100644
--- a/repo/includes/actions/ViewEntityAction.php
+++ b/repo/includes/actions/ViewEntityAction.php
@@ -261,7 +261,7 @@
                                        // or should set the attribute of the 
h1 to correct direction.
                                        // Still note that the direction is 
"auto" so guessing should
                                        // give the right direction in most 
cases.
-                               )->rawParams( $labelText )
+                               )->rawParams( htmlspecialchars( $labelText ) )
                        );
                } else {
                        // Prevent replacing {{...}} by using rawParams() 
instead of params():

-- 
To view, visit https://gerrit.wikimedia.org/r/92308
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If6cf937596053ed298c350e5371b8dc6c9bb56cd
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: Henning Snater <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Escaping titles on revision history and diff pages - change (mediawiki...Wikibase)

Reply via email to