http://www.mediawiki.org/wiki/Special:Code/MediaWiki/99804
Revision: 99804
Author: kaldari
Date: 2011-10-14 21:03:49 +0000 (Fri, 14 Oct 2011)
Log Message:
-----------
escaping input to prevent XSS
Modified Paths:
--------------
branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
Modified:
branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
===================================================================
---
branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
2011-10-14 20:50:18 UTC (rev 99803)
+++
branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
2011-10-14 21:03:49 UTC (rev 99804)
@@ -215,10 +215,10 @@
$form .= Xml::openElement( 'div', array( 'id' =>
'payflowpro_gateway-personal-info' ) );
$form .= Xml::tags( 'h3', array( 'class' =>
'payflow-cc-form-header', 'id' => 'payflow-cc-form-header-personal' ), wfMsg(
'payflowpro_gateway-make-your-donation' ) );
if ( !$this->paypal ) {
- $source = $wgRequest->getText( 'utm_source' );
- $medium = $wgRequest->getText( 'utm_medium' );
- $campaign = $wgRequest->getText( 'utm_campaign' );
- $formname = $wgRequest->getText( 'form_name' );
+ $source = htmlspecialchars( $wgRequest->getText(
'utm_source' ) );
+ $medium = htmlspecialchars( $wgRequest->getText(
'utm_medium' ) );
+ $campaign = htmlspecialchars( $wgRequest->getText(
'utm_campaign' ) );
+ $formname = htmlspecialchars( $wgRequest->getText(
'form_name' ) );
$form .= Xml::Tags( 'p', array( 'id' =>
'payflowpro_gateway-cc_otherways' ), wfMsg( 'payflowpro_gateway-paypal',
$wgScriptPath, $formname, $source, $medium, $campaign ) );
}
$form .= Xml::openElement( 'table', array( 'id' =>
'payflow-table-donor' ) );
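Review bot: The four `htmlspecialchars()` calls in the `!$this->paypal` branch rely on the default flags, which before PHP 8.1 is `ENT_COMPAT` and leaves single quotes unescaped, so the escaping only holds if the `payflowpro_gateway-paypal` message never places `$formname`, `$source`, `$medium` or `$campaign` inside a single-quoted attribute. Passing the flag explicitly closes that gap: `$source = htmlspecialchars( $wgRequest->getText( 'utm_source' ), ENT_QUOTES );`, and likewise for the other three. The message text is not visible here; if it substitutes these values into a URL query string, as the utm_* names suggest, they should also be `urlencode()`d before the HTML escaping so that `&` or `#` in the input cannot alter the link's parameters. A one-line comment above the assignments, such as `// Escaped here: wfMsg() output goes into Xml::tags(), which does not escape its contents`, would record why the escaping sits at this point. The enclosing function begins and ends outside the hunk.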