r25832 MediaWiki - Code Review archive
Repository: MediaWiki
Revision: < r25831 | r25832 | r25833 >
Date: 19:06, 13 September 2007
Author: brion
Status: old
Tags:
Comment:
Reverting r25082: Do not restore security vulnerabilities to the codebase after a security release.
Especially don't MAKE THEM WORSE IN THE PROCESS.
Modified paths:
/trunk/phase3/includes/api/ApiFormatBase.php (modified)
Diff
Index: trunk/phase3/includes/api/ApiFormatBase.php
—
—
@@ -158,6 +158,8 @@
159
159
* This method also replaces any '<' with <
160
160
*/
161
161
protected function formatHTML($text) {
162
+ // Escape everything first for full coverage
163
+ $text = htmlspecialchars($text);
162
164
163
165
// encode all comments or tags as safe blue strings
164
166
$text = preg_replace('/\<(!--.*?--|.*?)\>/', '<span style="color:blue;"><\1></span>', $text);
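Review bot: In formatHTML, the preg_replace that follows the new htmlspecialchars() call still uses the pattern '/\<(!--.*?--|.*?)\>/', which matches literal '<' and '>' characters; once $text has been escaped those characters no longer occur in it, so the "safe blue strings" highlighting can never fire. Escaping first is the right order for the security fix, but the pattern should then be changed to match the escaped forms (the '&lt;' and '&gt;' entities) and the replacement should emit those entities inside the span, so that the only raw markup in the output is the markup this function writes itself. The doc comment above the function, which describes only the replacement of '<', should also say that the whole input is now escaped before any highlighting is applied.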
Follow-up revisions
Revision | Commit summary | Author | Date
r25849 | Merged revisions 25804-25848 via svnmerge from... | david | 06:54, 14 September 2007
Past revisions this follows-up on
Revision | Commit summary | Author | Date
r25082 | * (bug 5206) Add accesskey ',' to 'preferences' navigationlink... | raymond | 09:34, 23 August 2007
Comments
Comment by MZMcBride, 18:51, 17 February 2010
The code comment should read "Reverting r25802."
Status & tagging log
15:20, 12 September 2011 Meno25 changed the status of r25832 [removed: ok added: old]