r50092 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r50092
Date: 06:06, 1 May 2009
Author: tstarling
Status: deferred
Tags:
Comment:
Backported r49051/r49775: fixes unreleased XSS
Modified paths:
  • /branches/REL1_15/phase3 (modified)
  • /branches/REL1_15/phase3/includes/specials/SpecialUpload.php (modified)

Diff

Index: branches/REL1_15/phase3/includes/specials/SpecialUpload.php
@@ -1157,8 +1157,7 @@
11581158 );
11591159 if( $this->mForReUpload ) {
11601160 $wgOut->addHTML(
1161 - "<input tabindex='2' type='hidden' name='wpDestFile' id='wpDestFile'
1162 - value='{$encDestName}' />" .
 1161+ Xml::hidden( 'wpDestFile', $this->mDesiredDestName, array('id'=>'wpDestFile','tabindex'=>2) ) .
11631162 "<tt>" .
11641163 $encDestName .
11651164 "</tt>"
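Review bot: The context lines after the new Xml::hidden() call still print $encDestName inside <tt>, so the element text depends on escaping done outside the visible lines; confirm that $encDestName is HTML-escaped for element content, or escape $this->mDesiredDestName at the point of output the way the hidden field now does. The helper is given the raw $this->mDesiredDestName, which is correct only if it performs the attribute escaping itself; passing $encDestName instead would double-escape. Style: array('id'=>'wpDestFile','tabindex'=>2) drops the spacing used in the rest of the call.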
@@ -1167,7 +1166,7 @@
11681167 else {
11691168 $wgOut->addHTML(
11701169 "<input tabindex='2' type='text' name='wpDestFile' id='wpDestFile' size='60'
1171 - value='{$encDestName}' onchange='toggleFilenameFiller()' $destOnkeyup />"
 1170+ value=\"{$encDestName}\" onchange='toggleFilenameFiller()' $destOnkeyup />"
11721171 );
11731172 }
11741173
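Review bot: The value=\"{$encDestName}\" attribute on the changed line is safe only if $encDestName has double quotes escaped, and that escaping is not visible in this hunk, so the fix rests on the delimiter matching whatever the escaping function covers. The re-upload branch in the previous hunk moved to Xml::hidden() with the raw name; building this text input through an Xml helper in the same way would remove that coupling. $destOnkeyup is also interpolated into the tag unescaped, and the other attributes still use single quotes, which leaves mixed quoting within one element.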
@@ -1254,7 +1253,8 @@
12551254 <tr>
12561255 <td></td>
12571256 <td class='mw-input'>
1258 - <input tabindex='9' type='submit' name='wpUpload' value=\"{$ulb}\"" . $wgUser->getSkin()->tooltipAndAccesskey( 'upload' ) . " />
 1257+ <input tabindex='9' type='submit' name='wpUpload' value=\"{$ulb}\"" .
 1258+ $wgUser->getSkin()->tooltipAndAccesskey( 'upload' ) . " />
12591259 </td>
12601260 </tr>
12611261 <tr>
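Review bot: The split of the wpUpload submit line across two lines is formatting only and unrelated to the XSS fix named in the commit message; in a security backport, leaving such changes out, or mentioning them in the message, makes the fix easier to audit. The same line interpolates {$ulb} into a double-quoted value attribute, and its escaping is outside the visible lines, so it deserves the same check as $encDestName.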
Property changes on: branches/REL1_15/phase3
___________________________________________________________________
Name: svn:mergeinfo
12621262 - /trunk/phase3:49068,49086
12631263 + /trunk/phase3:49051,49068,49086,49775

Past revisions this follows-up on

Revision   Commit summary                                     Author      Date
r49051     (bug 18263) Escape single-quotes for wpDestForm    aaron       23:31, 30 March 2009
r49775     Fixed XSS.                                         tstarling   14:38, 23 April 2009
