r69953 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r69952‎ \| r69953 \| r69954 >
Date:	17:45, 26 July 2010
Author:	platonides
Status:	deferred
Tags:
Comment:	MFT r69952 + RELEASE-NOTES
Modified paths:	/branches/REL1_16/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_16/phase3/profileinfo.php (modified) (history)

Diff [purge]

Index: branches/REL1_16/phase3/profileinfo.php
—	—	@@ -65,7 +65,8 @@
66	66	<?php
67	67
68	68	if ( !$wgEnableProfileInfo ) {
69		~~- echo "disabled\n";~~
	69	+ echo "<p>Disabled</p>\n";
	70	+ echo "</body></html>";
70	71	exit( 1 );
71	72	}
72	73
—	—	@@ -251,8 +252,8 @@
252	253	if ( $_expand === false )
253	254	$_expand = $expand;
254	255
255		~~- $nfilter = $_filter ? $_filter : $filter;~~
256		~~- $nsort = $_sort ? $_sort : $sort;~~
	256	+ $nfilter = $_filter ? htmlspecialchars( $_filter ) : htmlspecialchars( $filter );
	257	+ $nsort = $_sort ? htmlspecialchars( $_sort ) : htmlspecialchars( $sort );
257	258	$exp = urlencode( implode( ',', array_keys( $_expand ) ) );
258	259	return "?filter=$nfilter&sort=$nsort&expand=$exp";
259	260	}
Index: branches/REL1_16/phase3/RELEASE-NOTES
—	—	@@ -64,6 +64,7 @@
65	65	* (bug xxxxx) Fixed Cache-Control headers sent from API modules, to protect
66	66	user privacy in the case where an attacker can access the wiki through the
67	67	same HTTP proxy as a logged-in user.
	68	+* Fixed XSS in profileinfo.php for users with $wgEnableProfileInfo = true;
68	69
69	70	== Changes since 1.16 beta 2 ==
70	71

Revision	Commit summary	Author	Date
r69952	Close the web page when it is disabled....	platonides	17:41, 26 July 2010

10:03, 3 December 2010 Reedy (talk | contribs) changed the status of r69953 [removed: new added: deferred]