r75016 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r75015‎ \| r75016 \| r75017 >
Date:	17:34, 19 October 2010
Author:	catrope
Status:	deferred
Tags:
Comment:	CentralNotice: Merge r75015 from 1.16wmf4 (CentralNotice XSS fix)
Modified paths:	/trunk/extensions/CentralNotice/SpecialBannerController.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CentralNotice/SpecialBannerController.php
—	—	@@ -55,7 +55,8 @@
56	56	'fn': {
57	57	'loadBanner': function( bannerName ) {
58	58	// Get the requested banner
59		~~- var bannerPage = 'Special:BannerLoader?banner='+bannerName+'&userlang='+wgUserLanguage+'&db='+wgDBname+'&sitename='+wgSiteName+'&country='+Geo.country;~~
	59	+ var bannerPageQuery = $.param( { 'banner': bannerName, 'userlang': wgUserLanguage, 'db': wgDBname, 'sitename': wgSiteName, 'country': Geo.country } );
	60	+ var bannerPage = 'Special:BannerLoader?' + bannerPageQuery;
60	61	EOT;
61	62	$js .= "\n\t\t\t\tvar bannerScript = '<script type=\"text/javascript\" src=\"".Xml::escapeJsString( $wgCentralPagePath )."' + bannerPage + '\"></script>';\n";
62	63	$js .= <<<EOT
—	—	@@ -68,7 +69,8 @@
69	70	} else {
70	71	var geoLocation = Geo.country; // pull the geo info
71	72	}
72		~~- var bannerListPage = 'Special:BannerListLoader?language='+wgContentLanguage+'&project='+wgNoticeProject+'&country='+geoLocation;~~
	73	+ var bannerListQuery = $.param( { 'language': wgContentLanguage, 'project': wgNoticeProject, 'country': geoLocation } );
	74	+ var bannerListPage = 'Special:BannerListLoader?' + bannerListQuery;
73	75	bannerListURL = wgArticlePath.replace( '$1', bannerListPage );
74	76	var request = $.ajax( {
75	77	url: bannerListURL,

Revision	Commit summary	Author	Date
r75015	1.16wmf4: Committing live fix for CentralNotice XSS	catrope	17:32, 19 October 2010

03:55, 1 January 2011 Reedy (talk | contribs) changed the status of r75016 [removed: new added: deferred]