"Tim Starling" changed the status of MediaWiki.r106223 to "fixme" and commented it. URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/106223#c28664
Old Status: resolved > New Status: fixme Commit summary for MediaWiki.r106223: follow up -r 105969 - update feedback response email with latest copy Tim Starling's comment: <pre> + $textBody = MessageCache::singleton()->transform( $textBody, false, null, $this->title ); </pre> What is the reason for doing this second apparently redundant transformation of the message text? It has the potential to introduce untrusted user input into the HTML. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
