On Thu, Mar 26, 2009 at 3:24 PM, Ilmari Karonen <[email protected]> wrote: > --- includes/CategoryPage.php (revision 48416) > +++ includes/CategoryPage.php (working copy) > @@ -189,7 +189,7 @@ > */ > function addPage( $title, $sortkey, $pageLength, $isRedirect = false ) > { > global $wgContLang; > - $titletext = $wgContLang->convert( $title->getPrefixedText() > ); > + $titletext = $wgContLang->convert( $sortkey ); > $this->articles[] = $isRedirect > ? '<span class="redirect-in-category">' . > $this->getSkin()->makeKnownLinkObj( $title, $titletext ) . '</span>' > : $this->getSkin()->makeSizeLinkObj( $pageLength, > $title, $titletext ); > > It would be easy to make this depend on a config option, too. If anyone > else thinks that would be a good idea, I can commit it.
Doesn't this introduce a trivial XSS vulnerability? _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
