https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #14 from Erik Bernhardson <[email protected]> ---

includes/Model/UUID
 * removed debugging backtrace in https://gerrit.wikimedia.org/r/99285

includes/Repository/SelectQueryBuilder
 * removed unused class in https://gerrit.wikimedia.org/r/99282

includes/Data/BoardHistoryStorage
 * share query sanitization with BasicDbStorage https://gerrit.wikimedia.org/r/99035

includes/Data/RevisionStorage
 * RevisionStorage::findInternal $attributes, RevisionStorage::insert $rev, RevisionStorage::insertRelated $tree and HeaderRevisionStorage::insertRelated - validate query conditions - https://gerrit.wikimedia.org/r/99035
 * $options in RevisionStorage::findInternal was missed, patch is not yet in gerrit but is coming soon
 * RevisionStorage::findMostRecent - was broken, $keys replaced with static value (from self::relatedPk method which returns static string in all implementations) - https://gerrit.wikimedia.org/r/99559

includes/View/PostActionMenu
 * documented getAction()'s $content is unescaped - https://gerrit.wikimedia.org/r/99561

includes/View/History/HistoryRenderer
 * documented getTimespans return values as raw html - https://gerrit.wikimedia.org/r/99562

templates/history-line.html.php
 * escaped $class - https://gerrit.wikimedia.org/r/99293

templates/post.html.php
 * escaped $post->getModerationState() - https://gerrit.wikimedia.org/r/99564
 * double quote all html attributes - https://gerrit.wikimedia.org/r/99573
 * exploitable xss - https://gerrit.wikimedia.org/r/99287

includes/View/Post
 * use escaped() in editPostButton, hidePostButton, deletePostButton, etc instead of plain() to comply with (now) documented assumptions of PostActionMenu::getButton - https://gerrit.wikimedia.org/r/99561

templates/topic.html.php
 * double quote all attributes - https://gerrit.wikimedia.org/r/99573
 * escape AbstractRevision::getModerationState() - https://gerrit.wikimedia.org/r/99564 and https://gerrit.wikimedia.org/r/99287
 * escape calls to PostActionMenu::getButton - https://gerrit.wikimedia.org/r/99561
 * escape flow-topic-comments message - https://gerrit.wikimedia.org/r/99585
