r67627 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r67626‎ | r67627 | r67628 >
Date:15:17, 8 June 2010
Author:platonides
Status:deferred (Comments)
Tags:
Comment:
Fix entity error and potential injection.
Modified paths:
  • /trunk/extensions/EmailPage/EmailPage.php (modified) (history)

Diff [purge]

Index: trunk/extensions/EmailPage/EmailPage.php
@@ -53,7 +53,7 @@
5454 function wfEmailPageToolboxLink() {
5555 global $wgTitle, $wgUser, $wgEmailPageGroup;
5656 if ( is_object( $wgTitle ) && ( empty($wgEmailPageGroup) || in_array( $wgEmailPageGroup, $wgUser->getEffectiveGroups() ) ) ) {
57 - $url = Title::makeTitle( NS_SPECIAL, 'EmailPage' )->getLocalURL( 'ea-title='.$wgTitle->getPrefixedText() );
 57+ $url = htmlspecialchars( Title::makeTitle( NS_SPECIAL, 'EmailPage' )->getLocalURL( array('ea-title' => $wgTitle->getPrefixedText() ) ) );
5858 echo( "<li><a href=\"$url\">" . wfMsg( 'emailpage' ) . "</a></li>" );
5959 }
6060 return true;
@@ -62,7 +62,7 @@
6363 function wfEmailPageActionLink( $skin, &$actions ) {
6464 global $wgTitle, $wgUser, $wgEmailPageGroup;
6565 if ( is_object( $wgTitle ) && ( empty( $wgEmailPageGroup ) || in_array( $wgEmailPageGroup, $wgUser->getEffectiveGroups() ) ) ) {
66 - $url = Title::makeTitle( NS_SPECIAL, 'EmailPage' )->getLocalURL('ea-title='.$wgTitle->getPrefixedText() );
 66+ $url = Title::makeTitle( NS_SPECIAL, 'EmailPage' )->getLocalURL( array('ea-title' => $wgTitle->getPrefixedText() ) );
6767 $actions['email'] = array( 'text' => wfMsg( 'email' ), 'class' => false, 'href' => $url );
6868 }
6969 return true;

Follow-up revisions

RevisionCommit summaryAuthorDate
r67636r67627#c7076 suggestion of SpecialPage::getTitleFor + stylize.phpplatonides16:35, 8 June 2010

Comments

#Comment by Siebrand (talk | contribs)   16:24, 8 June 2010

Why not use "SpecialPage::getTitleFor( 'EmailPage' )" instead of "Title::makeTitle( NS_SPECIAL, 'EmailPage' )"?

Code spacing is also not up to standards. Consider running this through stylize.php.

Status & tagging log