r75925 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r75924‎ \| r75925 \| r75926 >
Date:	13:23, 3 November 2010
Author:	jeroendedauw
Status:	deferred
Tags:
Comment:	Fixed incorrect escaping
Modified paths:	/trunk/extensions/SemanticMediaWiki/INSTALL (modified) (history) /trunk/extensions/SemanticMediaWiki/specials/AskSpecial/SMW_SpecialAsk.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticMediaWiki/specials/AskSpecial/SMW_SpecialAsk.php
—	—	@@ -552,11 +552,12 @@
553	553	$url = htmlspecialchars( $skin->makeSpecialUrl( 'Ask', "showformatoptions=\" + this.value + \"" ) );
554	554
555	555	foreach ( $this->m_params as $param => $value ) {
556		~~- if ( $param !== 'format' ) $url .= "&params[$param]=$value";~~
	556	+ if ( $param !== 'format' ) $url .= '&params[' . Xml::escapeJsString( $param ) . ']=' . Xml::escapeJsString( $value );
557	557	}
558	558
	559	+ // FIXME: $url == XSS
559	560	$result .= "<br /><br />\n<p>" . wfMsg( 'smw_ask_format_as' ) . ' <input type="hidden" name="eq" value="yes"/>' . "\n" .
560		~~- '<select id="formatSelector" name="p[format]" onChange="JavaScript:xmlhttpPost(\'' . htmlspecialchars( $url ) . '\')">' . "\n" .~~
	561	+ '<select id="formatSelector" name="p[format]" onChange="JavaScript:xmlhttpPost(\'' . $url . '\')">' . "\n" .
561	562	' <option value="broadtable"' . ( $this->m_params['format'] == 'broadtable' ? ' selected' : '' ) . '>' .
562	563	$printer->getName() . ' (' . wfMsg( 'smw_ask_defaultformat' ) . ')</option>' . "\n";
563	564
Index: trunk/extensions/SemanticMediaWiki/INSTALL
—	—	@@ -1,4 +1,4 @@
2		~~-[[Semantic MediaWiki 1.5.2]]~~
	2	+[[Semantic MediaWiki 1.5.3]]
3	3
4	4	Install instructions for the latest SMW version are also online in a more
5	5	convenient format for reading:

15:41, 3 November 2010 Reedy (talk | contribs) changed the status of r75925 [removed: new added: deferred]