https://bugzilla.wikimedia.org/show_bug.cgi?id=16294
--- Comment #8 from Brad Jorsch <[email protected]> 2008-12-13 20:36:40 UTC ---

(Line numbers are after applying the patch)

I see you added a 'cite_error_references_nested' error! Shouldn't the "ref was" part be localizable, though? Also, can the old check (lines 158-161) be removed, or is it still useful?

{{#tag:ref||name=0}} fails. At line 143, it should be is_null($key) instead of $key==false.

When the ref tag has unknown parameters (e.g. <ref name="foo" value="bar">), false is returned from refArg into $key. Instead of generating an error, these are now all being treated as <ref name="" group="0"> would be were name="" allowed. Either restore the check for $key===false in guardedRef, or change refArg to silently ignore unknown parameters.

You're not escaping the group when outputting the inline ref tags: try <ref group="<script>alert('Pwned!')</script>">Uh-oh</ref>. Passing $text through htmlspecialchars in referencePlaceText seems to take care of it.

For the 'cite_error_references_no_text' error, you are not properly escaping the key. But here it seems you can only inject wikitext, so it's just aesthetic rather than a security hole.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
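An added illustration of two points from the comment above (constructed PHP, not the Cite extension's code; the demo* functions and the null/false return convention are assumptions): a loose == false check cannot tell the name 0, a missing name and a rejected tag apart, and the group value needs htmlspecialchars before it goes into the inline marker.

```php
<?php
// Constructed sketch, not the Cite extension's code. Assumed convention,
// inferred from the comment above: the argument parser yields null when no
// name was given and false when the tag carries unknown parameters.
function demoRefArg(array $attrs) {
    $group = '';
    $key = null;
    foreach ($attrs as $name => $value) {
        if ($name === 'name') {
            $key = (string)$value;
        } elseif ($name === 'group') {
            $group = (string)$value;
        } else {
            return [false, false];   // unknown parameter: invalid tag
        }
    }
    return [$key, $group];
}

function demoClassify($key, bool $strict): string {
    if ($strict) {
        if ($key === false) return 'error';
        if (is_null($key))  return 'anonymous';
        return 'named';
    }
    // Loose check: "0", "", null and false all compare equal to false.
    return ($key == false) ? 'anonymous' : 'named';
}

function demoInlineLabel(string $group, int $n, bool $escape): string {
    $text = ($group === '' ? '' : "$group ") . $n;
    if ($escape) {
        $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
    return "<sup class=\"reference\">[$text]</sup>";
}

$cases = [   // constructed inputs mirroring the cases in the comment
    'name=0'        => ['name' => '0'],
    'no name'       => [],
    'unknown param' => ['name' => 'foo', 'value' => 'bar'],
];
foreach ($cases as $label => $attrs) {
    [$key] = demoRefArg($attrs);
    printf("%-14s loose=%-10s strict=%s\n", $label,
        demoClassify($key, false), demoClassify($key, true));
}
$group = "<script>alert('Pwned!')</script>";   // payload quoted in the comment
echo demoInlineLabel($group, 1, false), "\n";  // markup reaches the page as-is
echo demoInlineLabel($group, 1, true), "\n";   // rendered as inert text
```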
