"Catrope" changed the status of MediaWiki.r108297 to "fixme" and commented it. URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/108297#c29276
Old Status: new > New Status: fixme Commit summary for MediaWiki.r108297: Adding top responders leaderboard to feedback dashboard page Catrope's comment: <pre> + '<span>' . $row->number . '</span></li>'; </pre> To reduce reviewer anxiety, please cast <code>$row->number</code> to an integer, or escape it. I know it's an integer by tracking it back to the query, but you should aim to write code in a way that doesn't require a reviewer to track a variable through the file to determine if your code is secure. OK otherwise. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
