r38275 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r38274‎ \| r38275 \| r38276 >
Date:	03:36, 31 July 2008
Author:	nad
Status:	old
Tags:
Comment:	I meant to say should not use htmlspecialchars, it makes invalid CSS syntax - bug reported on MW talk page
Modified paths:	/trunk/extensions/CSS/CSS.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CSS/CSS.php
—	—	@@ -13,7 +13,7 @@
14	14
15	15	if (!defined('MEDIAWIKI')) die('Not an entry point.');
16	16
17		~~-define('CSS_VERSION', '1.0.4, 2008-06-01');~~
	17	+define('CSS_VERSION', '1.0.5, 2008-07-31');
18	18
19	19	$wgCSSMagic = "css";
20	20	$wgExtensionFunctions[] = 'wfSetupCSS';
—	—	@@ -41,7 +41,7 @@
42	42	if (ereg('\\{', $css)) {
43	43
44	44	# Inline CSS
45		~~- $css = htmlspecialchars(trim(Sanitizer::checkCss($css)));~~
	45	+ $css = trim(Sanitizer::checkCss($css));
46	46	$parser->mOutput->addHeadItem( <<<EOT
47	47	<style type="text/css">
48	48	/<![CDATA[/

Follow-up revisions

Revision	Commit summary	Author	Date
r38307	Fix what I'm quite sure is an XSS exploit in the CSS extension, from r38275. ...	simetrical	16:43, 31 July 2008
r38322	Revert r38275, 38307 for now -- proper way to escape this stuff is being disc...	brion	23:34, 31 July 2008

Status & tagging log

15:29, 12 September 2011 Meno25 (talk | contribs) changed the status of r38275 [removed: ok added: old]