r12529 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r12528‎ \| r12529 \| r12530 >
Date:	19:02, 8 January 2006
Author:	hashar
Status:	old
Tags:
Comment:	Fix security issues: * Bug 4083: Special:Validation doesn't check wpEditToken * Possible XSS issue
Modified paths:	/trunk/phase3/includes/SpecialValidate.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SpecialValidate.php
—	—	@@ -22,8 +22,6 @@
23	23	* @package MediaWiki
24	24	* @subpackage SpecialPage
25	25	*/
26		-
27		-
28	26	class Validation {
29	27	var $topicList;
30	28	var $voteCache;
—	—	@@ -388,10 +386,12 @@
389	387	}
390	388	}
391	389	ksort( $data ) ;
	390	+ $token = htmlspecialchars( $wgUser->editToken() );
392	391
393	392	# Generate form
394	393	$table_class = $focus ? 'revisionform_focus' : 'revisionform_default';
395		~~- $ret = "<form method='post'><table class='{$table_class}'>\n";~~
	394	+ $ret = "<form method='post'><table class='{$table_class}'>\n"
	395	+ . '<input type="hidden" name="wpEditToken" value="' . $token .'" />';
396	396	$head = "Revision #" . $revision;
397	397	$link = $this->getRevisionLink( $article, $revision );
398	398	$metadata = $this->getMetadata( $revision, $article );
—	—	@@ -863,15 +863,19 @@
864	864	$mode = $wgRequest->getVal( "mode" );
865	865	$skin = $wgUser->getSkin();
866	866
867		~~- if( $mode == "manage" ) {~~
868		~~- $v = new Validation();~~
869		~~- $html = $v->manageTopics();~~
870		~~- } elseif( $mode == "userstats" ) {~~
871		~~- $v = new Validation();~~
872		~~- $user = $wgRequest->getVal( "user" );~~
873		~~- $html = $v->showUserStats( $user );~~
	867	+ $token = $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) );
	868	+
	869	+ if( $token ) {
	870	+ if( $mode == "manage" ) {
	871	+ $v = new Validation();
	872	+ $html = $v->manageTopics();
	873	+ } elseif( $mode == "userstats" ) {
	874	+ $v = new Validation();
	875	+ $user = $wgRequest->getVal( "user" );
	876	+ $html = $v->showUserStats( $user );
	877	+ }
874	878	} else {
875		~~- $html = "$mode";~~
	879	+ $html = htmlspecialchars( $mode );
876	880	$html .= "<ul>\n";
877	881
878	882	$t = Title::newFromText( "Special:Validate" );

Follow-up revisions

Revision	Commit summary	Author	Date
r12530	Second part of bug 4083: Special:Validation doesn't check wpEditToken	hashar	19:10, 8 January 2006

Status & tagging log

01:58, 13 October 2010 😂 (talk | contribs) changed the status of r12529 [removed: new added: old]