[MediaWiki-commits] [Gerrit] Do escaping before output on Newsletter special pages - change (mediawiki...Newsletter)

2015-10-26 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged.

Change subject: Do escaping before output on Newsletter special pages
..


Do escaping before output on Newsletter special pages

Bug: T116382
Change-Id: I7be05662b2da9aa0ef348835393c353147cc4c54
---
M includes/specials/SpecialNewsletter.php
M includes/specials/pagers/NewsletterManageTablePager.php
M includes/specials/pagers/NewsletterTablePager.php
3 files changed, 16 insertions(+), 15 deletions(-)

Approvals:
  Siebrand: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/specials/SpecialNewsletter.php 
b/includes/specials/SpecialNewsletter.php
index d9072ba..6007b7b 100644
--- a/includes/specials/SpecialNewsletter.php
+++ b/includes/specials/SpecialNewsletter.php
@@ -122,8 +122,9 @@
'mainpage' => array(
'type' => 'info',
'label-message' => 
'newsletter-view-mainpage',
-   'default' => Linker::link( $mainTitle, 
$mainTitle->getPrefixedText() ) . ' ' .
-   $this->msg( 'parentheses' 
)->rawParams(
+   'default' => Linker::link( $mainTitle, 
htmlspecialchars( $mainTitle->getPrefixedText() ) )
+   . ' '
+   . $this->msg( 'parentheses' 
)->rawParams(
Linker::link( 
$mainTitle, 'hist', array(), array( 'action' => 'history' ) )
)->escaped(),
'raw' => true,
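Review bot: The first `Linker::link()` call could drop the hand-written escape and pass only the title, `Linker::link( $mainTitle )`. As far as I know, the link text then defaults to the escaped prefixed title, so there is no escape for a later edit to lose. Because the field sets `'raw' => true`, the whole `'default'` string is presumably output unescaped, so a comment such as `// 'raw' => true: every fragment concatenated here must already be HTML-safe` would help. The second link's literal `'hist'` label is safe as written but is not localised. The array this entry belongs to starts and ends outside the hunk, and the same hunk is repeated in the patch set 1 mail further down the page.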
diff --git a/includes/specials/pagers/NewsletterManageTablePager.php 
b/includes/specials/pagers/NewsletterManageTablePager.php
index 69169f8..152d9fe 100644
--- a/includes/specials/pagers/NewsletterManageTablePager.php
+++ b/includes/specials/pagers/NewsletterManageTablePager.php
@@ -26,10 +26,10 @@
public function getFieldNames() {
if ( $this->fieldNames === null ) {
$this->fieldNames = array(
-   'nl_id' => $this->msg( 
'newsletter-manage-header-name' )->text(),
-   'nlp_publisher_id' => $this->msg( 
'newsletter-manage-header-publisher' )->text(),
-   'permissions' => $this->msg( 
'newsletter-manage-header-permissions' )->text(),
-   'action' => $this->msg( 
'newsletter-manage-header-action' )->text(),
+   'nl_id' => $this->msg( 
'newsletter-manage-header-name' )->escaped(),
+   'nlp_publisher_id' => $this->msg( 
'newsletter-manage-header-publisher' )->escaped(),
+   'permissions' => $this->msg( 
'newsletter-manage-header-permissions' )->escaped(),
+   'action' => $this->msg( 
'newsletter-manage-header-action' )->escaped(),
);
}
return $this->fieldNames;
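Review bot: Switching the header messages in `getFieldNames()` to `->escaped()` may double-escape them if the parent pager already escapes header text when it builds the header cells. Core's TablePager does so as far as I recall, but the parent class is not visible here. In that case a message containing `&` or a quote would render as a literal entity, and `->text()` was the right form at this call site. If the parent does output the values raw, keep `->escaped()` and add a comment saying so, e.g. `// header text is output as raw HTML by the pager`. The same change is made in `NewsletterTablePager::getFieldNames()` and in the repeated hunks of the patch set 1 mail below.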
@@ -71,7 +71,7 @@
}
 
case 'nlp_publisher_id':
-   return User::newFromId( $value )->getName();
+   return htmlspecialchars( User::newFromId( 
$value )->getName() );
 
case 'permissions' :
return HTML::element(
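Review bot: Nothing in this switch documents that each case's return value is presumably output as raw HTML. That is why the `nlp_publisher_id` branch here and the radio-button label in the next hunk needed escaping added. A comment at the top of the switch, e.g. `// Return values are output as HTML; escape anything not built with HTML::element()`, would keep later branches from repeating the omission. The enclosing method begins and ends outside the hunk, so the remaining cases could not be checked here.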
@@ -82,7 +82,7 @@
'id' => 
'newslettermanage',
'checked' => 
$isPublisher ? true : false,
)
-   ) . $this->msg( 
'newsletter-publisher-radiobutton-label' )->text();
+   ) . $this->msg( 
'newsletter-publisher-radiobutton-label' )->escaped();
 
case 'action':
if ( $isPublisher ) {
diff --git a/includes/specials/pagers/NewsletterTablePager.php 
b/includes/specials/pagers/NewsletterTablePager.php
index 2b3a315..f359b71 100644
--- a/includes/specials/pagers/NewsletterTablePager.php
+++ b/includes/specials/pagers/NewsletterTablePager.php
@@ -22,15 +22,15 @@
public function getFieldNames() {
if ( $this->fieldNames === null ) {
$this->fieldNames = array(
-   'nl_name' => $this->msg( 
'newsletter-header-name' )->text(),
-   'nl_desc' => $this->msg( 
'newsletter-header-description' )->text(),
-   'nl_frequency' => $this->msg ( 
'newsletter-header-frequency' )->text(),
-   'subscriber_count' => $this->msg( 
'newsletter-header-subscriber_count' )->text(),
+   

[MediaWiki-commits] [Gerrit] Do escaping before output on Newsletter special pages - change (mediawiki...Newsletter)

2015-10-23 Thread Glaisher (Code Review)
Glaisher has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/248361

Change subject: Do escaping before output on Newsletter special pages
..

Do escaping before output on Newsletter special pages

Bug: T116382
Change-Id: I7be05662b2da9aa0ef348835393c353147cc4c54
---
M includes/specials/SpecialNewsletter.php
M includes/specials/pagers/NewsletterManageTablePager.php
M includes/specials/pagers/NewsletterTablePager.php
3 files changed, 17 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Newsletter 
refs/changes/61/248361/1

diff --git a/includes/specials/SpecialNewsletter.php 
b/includes/specials/SpecialNewsletter.php
index d9072ba..d016884 100644
--- a/includes/specials/SpecialNewsletter.php
+++ b/includes/specials/SpecialNewsletter.php
@@ -43,7 +43,7 @@
list( $id, $action ) = $params;
 
$out = $this->getOutput();
-   $this->newsletter = Newsletter::newFromID( (int)$id );
+   $this->newsletter = Newsletter::newFromID( $id );
 
 
if ( $this->newsletter ) {
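Review bot: Dropping the `(int)` cast means `$id` now reaches `Newsletter::newFromID()` as an arbitrary string; it is unpacked from `$params` two lines up and presumably comes from the request path. Whether that is safe depends on how `newFromID()` uses the value, which is not visible in this hunk, and the change is unrelated to output escaping. I would keep `$this->newsletter = Newsletter::newFromID( (int)$id );` or reject non-numeric input first, for example with `ctype_digit( $id )`. The merged mail above has one fewer insertion and deletion and does not contain this hunk, which suggests it was dropped before merge.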
@@ -122,8 +122,9 @@
'mainpage' => array(
'type' => 'info',
'label-message' => 
'newsletter-view-mainpage',
-   'default' => Linker::link( $mainTitle, 
$mainTitle->getPrefixedText() ) . ' ' .
-   $this->msg( 'parentheses' 
)->rawParams(
+   'default' => Linker::link( $mainTitle, 
htmlspecialchars( $mainTitle->getPrefixedText() ) )
+   . ' '
+   . $this->msg( 'parentheses' 
)->rawParams(
Linker::link( 
$mainTitle, 'hist', array(), array( 'action' => 'history' ) )
)->escaped(),
'raw' => true,
diff --git a/includes/specials/pagers/NewsletterManageTablePager.php 
b/includes/specials/pagers/NewsletterManageTablePager.php
index 69169f8..152d9fe 100644
--- a/includes/specials/pagers/NewsletterManageTablePager.php
+++ b/includes/specials/pagers/NewsletterManageTablePager.php
@@ -26,10 +26,10 @@
public function getFieldNames() {
if ( $this->fieldNames === null ) {
$this->fieldNames = array(
-   'nl_id' => $this->msg( 
'newsletter-manage-header-name' )->text(),
-   'nlp_publisher_id' => $this->msg( 
'newsletter-manage-header-publisher' )->text(),
-   'permissions' => $this->msg( 
'newsletter-manage-header-permissions' )->text(),
-   'action' => $this->msg( 
'newsletter-manage-header-action' )->text(),
+   'nl_id' => $this->msg( 
'newsletter-manage-header-name' )->escaped(),
+   'nlp_publisher_id' => $this->msg( 
'newsletter-manage-header-publisher' )->escaped(),
+   'permissions' => $this->msg( 
'newsletter-manage-header-permissions' )->escaped(),
+   'action' => $this->msg( 
'newsletter-manage-header-action' )->escaped(),
);
}
return $this->fieldNames;
@@ -71,7 +71,7 @@
}
 
case 'nlp_publisher_id':
-   return User::newFromId( $value )->getName();
+   return htmlspecialchars( User::newFromId( 
$value )->getName() );
 
case 'permissions' :
return HTML::element(
@@ -82,7 +82,7 @@
'id' => 
'newslettermanage',
'checked' => 
$isPublisher ? true : false,
)
-   ) . $this->msg( 
'newsletter-publisher-radiobutton-label' )->text();
+   ) . $this->msg( 
'newsletter-publisher-radiobutton-label' )->escaped();
 
case 'action':
if ( $isPublisher ) {
diff --git a/includes/specials/pagers/NewsletterTablePager.php 
b/includes/specials/pagers/NewsletterTablePager.php
index 2b3a315..f359b71 100644
--- a/includes/specials/pagers/NewsletterTablePager.php
+++ b/includes/specials/pagers/NewsletterTablePager.php
@@ -22,15 +22,15 @@
public function getFieldNames() {
if ( $this->fieldNames === null ) {
$this->fieldNames = array(
-   'nl_name' => $this->msg( 
'newsletter-header-name' )->text(),