https://bugzilla.wikimedia.org/show_bug.cgi?id=57270

--- Comment #14 from Erik Bernhardson <[email protected]> ---
includes/Model/UUID
* removed debugging backtrace in https://gerrit.wikimedia.org/r/99285

includes/Repository/SelectQueryBuilder
* removed unused class in https://gerrit.wikimedia.org/r/99282

includes/Data/BoardHistoryStorage
* share query sanitization with BasicDbStorage
https://gerrit.wikimedia.org/r/99035

includes/Data/RevisionStorage
* RevisionStorage::findInternal $attributes, RevisionStorage::insert $rev,
RevisionStorage::insertRelated $tree and HeaderRevisionStorage::insertRelated
- validate query conditions - https://gerrit.wikimedia.org/r/99035
* $options in RevisionStorage::findInternal was missed, patch is not yet in
gerrit but is coming soon
* RevisionStorage::findMostRecent - was broken, $keys replaced with static
value (from self::relatedPk method which returns static string in all
implementations) - https://gerrit.wikimedia.org/r/99559

includes/View/PostActionMenu
* documented getAction()'s $content is unescaped -
https://gerrit.wikimedia.org/r/99561

includes/View/History/HistoryRenderer
* documented getTimespans return values as raw html -
https://gerrit.wikimedia.org/r/99562

templates/history-line.html.php
* escaped $class - https://gerrit.wikimedia.org/r/99293

templates/post.html.php
* escaped $post->getModerationState() - https://gerrit.wikimedia.org/r/99564
* double quote all html attributes - https://gerrit.wikimedia.org/r/99573
* exploitable xss - https://gerrit.wikimedia.org/r/99287

includes/View/Post
* use escaped() in editPostButton, hidePostButton, deletePostButton, etc
instead of plain() to comply with (now) documented assumptions of
PostActionMenu::getButton - https://gerrit.wikimedia.org/r/99561

templates/topic.html.php
* double quote all attributes - https://gerrit.wikimedia.org/r/99573
* escape AbstractRevision::getModerationState() -
https://gerrit.wikimedia.org/r/99564 and https://gerrit.wikimedia.org/r/99287
* escape calls to PostActionMenu::getButton -
https://gerrit.wikimedia.org/r/99561
* escape flow-topic-comments message - https://gerrit.wikimedia.org/r/99585
