r16286 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r16285‎ \| r16286 \| r16287 >
Date:	14:26, 30 August 2006
Author:	daniel
Status:	old
Tags:
Comment:	fixed html injection in AjaxTest
Modified paths:	/trunk/extensions/AjaxTest/AjaxTest.php (modified) (history)

Diff [purge]

Index: trunk/extensions/AjaxTest/AjaxTest.php
—	—	@@ -48,7 +48,7 @@
49	49	* This loads CategoryTreeFunctions.php and calls CategoryTree::ajax()
50	50	*/
51	51	function efAjaxTest( $text, $usestring, $httpcache, $lastmod, $error ) {
52		~~- $text .= "(".wfTimestampNow()."\|u:$usestring\|h:$httpcache\|l:$lastmod\|e:$error)";~~
	52	+ $text = htmlspecialchars($text) . "(".wfTimestampNow().")";
53	53
54	54	if ($usestring) return $text;
55	55	else {