r38307 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r38306‎ \| r38307 \| r38308 >
Date:	16:43, 31 July 2008
Author:	simetrical
Status:	old
Tags:
Comment:	Fix what I'm quite sure is an XSS exploit in the CSS extension, from r38275. See post to Wikitech-l. This patch is untested, so feel free to revert if I'm wrong.
Modified paths:	/trunk/extensions/CSS/CSS.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CSS/CSS.php
—	—	@@ -41,12 +41,10 @@
42	42	if (ereg('\\{', $css)) {
43	43
44	44	# Inline CSS
45		~~- $css = trim(Sanitizer::checkCss($css));~~
	45	+ $css = htmlspecialchars(trim(Sanitizer::checkCss($css)));
46	46	$parser->mOutput->addHeadItem( <<<EOT
47	47	<style type="text/css">
48		~~-/<![CDATA[/~~
49	48	{$css}
50		~~-/]]>/~~
51	49	</style>
52	50	EOT
53	51	);

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r38275	I meant to say should not use htmlspecialchars, it makes invalid CSS syntax...	nad	03:36, 31 July 2008

Status & tagging log

15:29, 12 September 2011 Meno25 (talk | contribs) changed the status of r38307 [removed: ok added: old]