r60084 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r60083‎ \| r60084 \| r60085 >
Date:	18:48, 15 December 2009
Author:	yaron
Status:	deferred
Tags:
Comment:	Added HTML-escaping of values
Modified paths:	/trunk/extensions/SemanticDrilldown/includes/SD_AppliedFilter.php (modified) (history) /trunk/extensions/SemanticDrilldown/includes/SD_FilterValue.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticDrilldown/includes/SD_AppliedFilter.php
—	—	@@ -18,7 +18,7 @@
19	19	function create($filter, $values, $search_term = null, $lower_date = null, $upper_date = null) {
20	20	$af = new SDAppliedFilter();
21	21	$af->filter = $filter;
22		~~- $af->search_term = str_replace('_', ' ', $search_term);~~
	22	+ $af->search_term = htmlspecialchars(str_replace('_', ' ', $search_term));
23	23	if ($lower_date != null) {
24	24	$af->lower_date = $lower_date;
25	25	$af->lower_date_string = SDUtils::monthToString($lower_date['month']) . " " . $lower_date['day'] . ", " . $lower_date['year'];
Index: trunk/extensions/SemanticDrilldown/includes/SD_FilterValue.php
—	—	@@ -18,7 +18,7 @@
19	19
20	20	function create($actual_val, $filter_time_period = null) {
21	21	$fv = new SDFilterValue();
22		~~- $fv->text = $actual_val;~~
	22	+ $fv->text = htmlspecialchars($actual_val);
23	23
24	24	if ($fv->text == ' none')
25	25	$fv->is_none = true;

06:32, 21 December 2009 Tim Starling (talk | contribs) changed the status of r60084 [removed: new added: deferred]