https://www.mediawiki.org/wiki/Special:Code/MediaWiki/112426
Revision: 112426
Author: siebrand
Date: 2012-02-26 12:07:21 +0000 (Sun, 26 Feb 2012)
Log Message:
-----------
Follow-up r112424: Per IAlex on IRC: Use escape() instead of plain() for
improved security.
Modified Paths:
--------------
trunk/phase3/includes/Linker.php
trunk/phase3/includes/Pager.php
trunk/phase3/includes/specials/SpecialContributions.php
Modified: trunk/phase3/includes/Linker.php
===================================================================
--- trunk/phase3/includes/Linker.php 2012-02-26 12:02:25 UTC (rev 112425)
+++ trunk/phase3/includes/Linker.php 2012-02-26 12:07:21 UTC (rev 112426)
@@ -1399,7 +1399,7 @@
return '';
} else {
$formatted = self::formatComment( $comment, $title,
$local );
- $formatted = wfMessage( 'parentheses' )->rawParams(
$formatted )->plain();
+ $formatted = wfMessage( 'parentheses' )->rawParams(
$formatted )->escape();
return " <span class=\"comment\">$formatted</span>";
}
}
@@ -1441,7 +1441,7 @@
} else {
global $wgLang;
$stxt = wfMsgExt( 'nbytes', 'parsemag',
$wgLang->formatNum( $size ) );
- $stxt = wfMessage( 'parentheses' )->rawParams( $stxt
)->plain();
+ $stxt = wfMessage( 'parentheses' )->rawParams( $stxt
)->escape();
}
$stxt = htmlspecialchars( $stxt );
return "<span class=\"history-size\">$stxt</span>";
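Review bot: The size text in the else branch is now HTML-escaped twice: `->escape()` escapes the 'parentheses' message, and the unchanged `$stxt = htmlspecialchars( $stxt );` right after the branch escapes the whole string again. Any entity produced by the first pass would then be shown literally (for example `&amp;amp;`). Since the later `htmlspecialchars()` already covers both the message text and the raw parameter, this call can stay `$stxt = wfMessage( 'parentheses' )->rawParams( $stxt )->plain();`. Dropping the later call instead would not be equivalent, because `rawParams()` content is not escaped by `escape()` and the 'nbytes' text, which appears to be unescaped, would reach the span as-is. The start of the function and its `if` branch are outside the hunk.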
@@ -1870,7 +1870,7 @@
$html = $delete ? wfMsgHtml( 'rev-delundel' ) : wfMsgHtml(
'rev-showdeleted' );
$tag = $restricted ? 'strong' : 'span';
$link = self::link( $sp, $html, array(), $query, array(
'known', 'noclasses' ) );
- return Xml::tags( $tag, array( 'class' => 'mw-revdelundel-link'
), wfMessage( 'parentheses' )->rawParams( $link )->plain() );
+ return Xml::tags( $tag, array( 'class' => 'mw-revdelundel-link'
), wfMessage( 'parentheses' )->rawParams( $link )->escape() );
}
/**
@@ -1883,7 +1883,7 @@
*/
public static function revDeleteLinkDisabled( $delete = true ) {
$html = $delete ? wfMsgHtml( 'rev-delundel' ) : wfMsgHtml(
'rev-showdeleted' );
- return Xml::tags( 'span', array( 'class' =>
'mw-revdelundel-link' ), wfMessage( 'parentheses' )->rawParams( $html
)->plain() );
+ return Xml::tags( 'span', array( 'class' =>
'mw-revdelundel-link' ), wfMessage( 'parentheses' )->rawParams( $html
)->escape() );
}
/* Deprecated methods */
Modified: trunk/phase3/includes/Pager.php
===================================================================
--- trunk/phase3/includes/Pager.php 2012-02-26 12:02:25 UTC (rev 112425)
+++ trunk/phase3/includes/Pager.php 2012-02-26 12:07:21 UTC (rev 112426)
@@ -771,7 +771,7 @@
$limits = $this->getLanguage()->pipeList( $limitLinks );
$firstLastLinks = wfMessage( 'parentheses' )->rawParams(
"{$pagingLinks['first']}" .
wfMsgExt( 'pipe-separator' , 'escapenoentities' ) .
- "{$pagingLinks['last']}" )->plain();
+ "{$pagingLinks['last']}" )->escape();
$this->mNavigationBar = $firstLastLinks . ' ' .
wfMsgHTML(
Modified: trunk/phase3/includes/specials/SpecialContributions.php
===================================================================
--- trunk/phase3/includes/specials/SpecialContributions.php 2012-02-26
12:02:25 UTC (rev 112425)
+++ trunk/phase3/includes/specials/SpecialContributions.php 2012-02-26
12:07:21 UTC (rev 112426)
@@ -254,7 +254,7 @@
// @todo Should this be removed at some point?
$oldMsg = $this->msg( 'contribsub' );
if ( $oldMsg->exists() ) {
- $linksWithParentheses = $this->msg( 'parenteses'
)->rawParams( $links )->plain();
+ $linksWithParentheses = $this->msg( 'parenteses'
)->rawParams( $links )->escape();
return $oldMsg->rawParams( "$user
$linksWithParentheses" );
} else {
return $this->msg( 'contribsub2' )->rawParams( $user,
$links );
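Review bot: The message key on the changed line is spelled `'parenteses'`, while every other call in this commit uses `'parentheses'`; the commit carries the spelling over unchanged. If no message with that key is defined, the lookup presumably returns a missing-message placeholder instead of wrapping `$links` in parentheses, and with `escape()` that placeholder would be displayed HTML-escaped. The line should read `$linksWithParentheses = $this->msg( 'parentheses' )->rawParams( $links )->escape();`. The enclosing method starts and ends outside the hunk.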
@@ -839,7 +839,7 @@
$del .= ' ';
}
- $diffHistLinks = $this->msg( 'parentheses' )->rawParams(
$difftext . $this->messages['pipe-separator'] . $histlink )->plain();
+ $diffHistLinks = $this->msg( 'parentheses' )->rawParams(
$difftext . $this->messages['pipe-separator'] . $histlink )->escape();
$ret = "{$del}{$d} {$diffHistLinks}{$chardiff}{$nflag}{$mflag}
{$link}{$userlink} {$comment} {$topmarktext}";
# Denote if username is redacted for this edit
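Review bot: `escape()` only escapes the text of the 'parentheses' message, and everything passed through `rawParams()` is inserted verbatim. The safety of `$diffHistLinks` therefore still rests on `$difftext`, `$this->messages['pipe-separator']` and `$histlink` already being escaped HTML. Their construction is outside the hunk, so this cannot be confirmed here; the Pager.php hunk fetches the separator with `'escapenoentities'`, and the cached `$this->messages` entry should be checked for the same treatment. A short comment above the line would record the assumption, for example `// rawParams: $difftext, the separator and $histlink must already be escaped HTML`. The same caveat applies to the `rawParams()` calls in the Linker.php and Pager.php hunks.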