https://www.mediawiki.org/wiki/Special:Code/MediaWiki/114683
Revision: 114683
Author: reedy
Date: 2012-04-03 17:53:21 +0000 (Tue, 03 Apr 2012)
Log Message:
-----------
Bug 35673 - XSS vulnerability in mobile search
Modified Paths:
--------------
branches/wmf/1.19wmf1/extensions/MobileFrontend/templates/SearchTemplate.php
Modified:
branches/wmf/1.19wmf1/extensions/MobileFrontend/templates/SearchTemplate.php
===================================================================
---
branches/wmf/1.19wmf1/extensions/MobileFrontend/templates/SearchTemplate.php
2012-04-03 11:46:06 UTC (rev 114682)
+++
branches/wmf/1.19wmf1/extensions/MobileFrontend/templates/SearchTemplate.php
2012-04-03 17:53:21 UTC (rev 114683)
@@ -8,14 +8,14 @@
public function getHTML() {
- $searchField = Xml::escapeJsString( $this->data['searchField']
);
+ $searchField = Sanitizer::encodeAttribute(
$this->data['searchField'] );
$mainPageUrl = $this->data['mainPageUrl'];
$randomPageUrl = $this->data['randomPageUrl'];
$homeButton =
$this->data['messages']['mobile-frontend-home-button'];
$randomButton =
$this->data['messages']['mobile-frontend-random-button'];
- $clearText = Xml::escapeJsString(
$this->data['messages']['mobile-frontend-clear-search'] );
+ $clearText = Sanitizer::encodeAttribute(
$this->data['messages']['mobile-frontend-clear-search'] );
$searchValue =
$this->data['messages']['mobile-frontend-search-submit'];
- $placeholder = Xml::escapeJsString(
$this->data['messages']['mobile-frontend-placeholder'] );
+ $placeholder = Sanitizer::encodeAttribute(
$this->data['messages']['mobile-frontend-placeholder'] );
$scriptUrl = wfScript();
$searchBoxDisplayNone = ( $this->data['hideSearchBox'] ) ? '
style="display: none;" ' : '';
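Review bot: Only three of the values assigned in this block are encoded; `$homeButton`, `$randomButton` and `$searchValue` are read from the same `$this->data['messages']` array as `$clearText` and `$placeholder` but are still assigned raw, as are `$mainPageUrl` and `$randomPageUrl`. The rest of `getHTML()` lies outside the hunk, so where these end up is not visible, but if they are interpolated into attributes they need the same treatment, e.g. `$homeButton = Sanitizer::encodeAttribute( $this->data['messages']['mobile-frontend-home-button'] );`, or `htmlspecialchars()` if they land in element content. `Sanitizer::encodeAttribute()` is only sufficient when the value sits in a plain quoted HTML attribute. The earlier `Xml::escapeJsString()` calls hint that one of these may once have been used in script, so it is worth confirming that none of the three is emitted inside an inline event handler or a `<script>` block, where JS-string escaping would also be required. A short comment above the assignments naming the output context of each variable would make the chosen escaper checkable at a glance.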