r81155 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r81154‎ \| r81155 \| r81156 >
Date:	19:50, 28 January 2011
Author:	catrope
Status:	ok
Tags:
Comment:	ProofreadPage: Fix stored XSS in edit form. Report and patch by Bawolff
Modified paths:	/trunk/extensions/ProofreadPage/proofread.js (modified) (history)

Diff [purge]

Index: trunk/extensions/ProofreadPage/proofread.js
—	—	@@ -117,25 +117,20 @@
118	118	pageFooter = pageFooter.substr( 0, pageFooter.length - 6 );
119	119	}
120	120
121		~~- // escape & character~~
122		~~- pageBody = pageBody.split( '&' ).join( '&' );~~
123		~~- pageHeader = pageHeader.split( '&' ).join( '&' );~~
124		~~- pageFooter = pageFooter.split( '&' ).join( '&' );~~
125		-
126	121	container.innerHTML = '' +
127	122	'<div id="prp_header" style="">' +
128	123	'<span style="color:gray;font-size:80%;line-height:100%;">' +
129	124	escapeQuotesHTML( mediaWiki.msg( 'proofreadpage_header' ) ) + '</span>' +
130		~~- '<textarea name="wpHeaderTextbox" rows="2" cols="80" tabindex=1>' + pageHeader + '</textarea><br />' +~~
	125	+ '<textarea name="wpHeaderTextbox" rows="2" cols="80" tabindex=1>' + escapeQuotesHTML( pageHeader ) + '</textarea><br />' +
131	126	'<span style="color:gray;font-size:80%;line-height:100%;">' +
132	127	escapeQuotesHTML( mediaWiki.msg( 'proofreadpage_body' ) ) + '</span></div>' +
133	128	'<textarea name="wpTextbox1" id="wpTextbox1" tabindex=1 style="height:' + ( self.DisplayHeight - 6 ) + 'px;">' +
134		~~- pageBody + '</textarea>' +~~
	129	+ escapeQuotesHTML( pageBody ) + '</textarea>' +
135	130	'<div id="prp_footer" style="">' +
136	131	'<span style="color:gray;font-size:80%;line-height:100%;">' +
137	132	escapeQuotesHTML( mediaWiki.msg( 'proofreadpage_footer' ) ) + '</span><br />' +
138	133	'<textarea name="wpFooterTextbox" rows="2" cols="80" tabindex=1>' +
139		~~- pageFooter + '</textarea></div>';~~
	134	+ escapeQuotesHTML( pageFooter ) + '</textarea></div>';
140	135	}
141	136
142	137	function pr_reset_size() {
—	—	@@ -951,13 +946,13 @@
952	947
953	948	if( !proofreadPageAddButtons ) {
954	949	f.innerHTML =
955		~~- ' <input type="hidden" name="wpProofreader" value="' + self.proofreadpage_username + '">' +~~
956		~~- '<input type="hidden" name="quality" value=' + self.proofreadpage_quality + ' >';~~
	950	+ ' <input type="hidden" name="wpProofreader" value="' + escapeQuotesHTML( self.proofreadpage_username ) + '">' +
	951	+ '<input type="hidden" name="quality" value="' + escapeQuotesHTML( self.proofreadpage_quality ) + '" >';
957	952	return;
958	953	}
959	954
960	955	f.innerHTML =
961		~~-' <input type="hidden" name="wpProofreader" value="' + self.proofreadpage_username + '">'~~
	956	+' <input type="hidden" name="wpProofreader" value="' + escapeQuotesHTML( self.proofreadpage_username ) + '">'
962	957	+'<span class="quality0"> <input type="radio" name="quality" value=0 onclick="pr_add_quality(this.form,0)" tabindex=4> </span>'
963	958	+'<span class="quality2"> <input type="radio" name="quality" value=2 onclick="pr_add_quality(this.form,2)" tabindex=4> </span>'
964	959	+'<span class="quality1"> <input type="radio" name="quality" value=1 onclick="pr_add_quality(this.form,1)" tabindex=4> </span>'

Follow-up revisions

Revision	Commit summary	Author	Date
r81156	1.16wmf4: MFT r81155	catrope	19:54, 28 January 2011
r81394	1.17: MFT r81026, r81116, r81155, r81201, r81204, r81205, r81220, r81235, r81...	catrope	15:33, 2 February 2011

Status & tagging log

04:25, 3 February 2011 Tim Starling (talk | contribs) changed the tags for r81155 [removed: tstarling]
04:25, 3 February 2011 Tim Starling (talk | contribs) changed the status of r81155 [removed: new added: ok]
15:34, 2 February 2011 Catrope (talk | contribs) changed the tags for r81155 [removed: 1.17]
01:22, 29 January 2011 Catrope (talk | contribs) changed the tags for r81155 [added: tstarling]
19:55, 28 January 2011 Catrope (talk | contribs) changed the tags for r81155 [added: 1.17]