r47504 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r47503‎ \| r47504 \| r47505 >
Date:	19:08, 19 February 2009
Author:	aaron
Status:	ok
Tags:
Comment:	escape $wgScript here
Modified paths:	/trunk/phase3/includes/specials/SpecialListUserRestrictions.php (modified) (history) /trunk/phase3/includes/specials/SpecialRestrictUser.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/specials/SpecialRestrictUser.php
—	—	@@ -37,7 +37,8 @@
38	38	class RestrictUserForm {
39	39	public static function selectUserForm( $val = null, $error = null ) {
40	40	global $wgScript, $wgTitle;
41		~~- $s = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . "<form action=\"{$wgScript}\">";~~
	41	+ $action = htmlspecialchars( $wgScript );
	42	+ $s = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . "<form action=\"{$action}\">";
42	43	if( $error )
43	44	$s .= '<p>' . $error . '</p>';
44	45	$s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
Index: trunk/phase3/includes/specials/SpecialListUserRestrictions.php
—	—	@@ -24,9 +24,10 @@
25	25	class SpecialListUserRestrictionsForm {
26	26	public function getHTML() {
27	27	global $wgRequest, $wgScript, $wgTitle;
	28	+ $action = htmlspecialchars( $wgScript );
28	29	$s = '';
29	30	$s .= Xml::fieldset( wfMsg( 'listuserrestrictions-legend' ) );
30		~~- $s .= "<form action=\"{$wgScript}\">";~~
	31	+ $s .= "<form action=\"{$action}\">";
31	32	$s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
32	33	$s .= Xml::label( wfMsgHtml( 'listuserrestrictions-type' ), 'type' ) . ' ' .
33	34	self::typeSelector( 'type', $wgRequest->getVal( 'type' ), 'type' );

23:16, 3 March 2009 Brion VIBBER (talk | contribs) changed the status of r47504 [removed: new added: ok]