r26070 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r26069‎ \| r26070 \| r26071 >
Date:	12:54, 24 September 2007
Author:	simetrical
Status:	old
Tags:
Comment:	Actually, Sanitizer::encodeAttribute() was broken, so my last fix didn't actually work, there was still HTML injection. Fixed it so it encodes single quotes too. The only other things in core that used it (or its friend safeEncodeAttribute) appear to be utility functions in Xml and Sanitizer::fixTagAttributes, all of which use double quotes. However, it's possible that the SemanticForms extension may be affected -- I didn't look closely, but it seems to safely use double-quotes.
Modified paths:	/trunk/phase3/includes/Sanitizer.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Sanitizer.php
—	—	@@ -725,7 +725,7 @@
726	726	* @return HTML-encoded text fragment
727	727	*/
728	728	static function encodeAttribute( $text ) {
729		~~- $encValue = htmlspecialchars( $text );~~
	729	+ $encValue = htmlspecialchars( $text, ENT_QUOTES );
730	730
731	731	// Whitespace is normalized during attribute decoding,
732	732	// so if we've been passed non-spaces we must encode them

Follow-up revisions

Revision	Commit summary	Author	Date
r26078	Clean up after r26070:...	brion	18:30, 24 September 2007
r26135	Merged revisions 26012-26133 via svnmerge from...	david	21:15, 25 September 2007

Status & tagging log

15:21, 12 September 2011 Meno25 (talk | contribs) changed the status of r26070 [removed: ok added: old]