r46843 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r46842‎ \| r46843 \| r46844 >
Date:	11:59, 5 February 2009
Author:	ialex
Status:	deferred
Tags:
Comment:	(bug 17366) fix for r46840: Xml::encodeJsVar() already escapes and quotes $conf->DBtype, no need to do it twice
Modified paths:	/trunk/phase3/config/index.php (modified) (history)

Diff [purge]

Index: trunk/phase3/config/index.php
—	—	@@ -1544,7 +1544,7 @@
1545	1545	</div>
1546	1546	</form>
1547	1547	<script type="text/javascript">
1548		~~-window.onload = toggleDBarea('<?php echo htmlspecialchars( Xml::encodeJsVar( $conf->DBtype ) ); ?>',~~
	1548	+window.onload = toggleDBarea( <?php echo Xml::encodeJsVar( $conf->DBtype ); ?>,
1549	1549	<?php
1550	1550	## If they passed in a root user name, don't populate it on page load
1551	1551	echo strlen(importPost('RootUser', '')) ? 0 : 1;

Follow-up revisions

Revision	Commit summary	Author	Date
r46891	Backported r46840, r46843, r46889	tstarling	04:54, 6 February 2009
r46892	Backported r46840, r46843, r46889 (installer XSS fixes)	tstarling	05:05, 6 February 2009
r46898	Backported r46840, r46843, r46889 (installer XSS fixes)	tstarling	05:47, 6 February 2009
r46899	Backported r46840, r46843, r46889 (installer XSS fixes)	tstarling	06:29, 6 February 2009

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r46840	* Fixed a whole lot of XSS vulnerabilities in the installer. All require a li...	tstarling	08:56, 5 February 2009

Status & tagging log

00:20, 14 September 2011 Meno25 (talk | contribs) changed the status of r46843 [removed: old added: deferred]