r92910 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r92909‎ | r92910 | r92911 >
Date:22:50, 22 July 2011
Author:robin
Status:ok (Comments)
Tags:
Comment:
in "marked version X of [[Page]] patrolled" on IRC, the "version" displays according to the user language. If this is the correct fix (didn't test), it can perhaps be merged with 1.18 and 1.17wmf1.
Modified paths:
  • /trunk/phase3/includes/PatrolLog.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/PatrolLog.php
@@ -67,7 +67,8 @@
6868 return wfMsgHtml( 'patrol-log-line', $diff, $link, $auto );
6969 } else {
7070 $text = $title->getPrefixedText();
71 - return wfMsgForContent( 'patrol-log-line', wfMsgHtml('patrol-log-diff',$cur), "[[$text]]", '' );
 71+ $diff = htmlspecialchars( wfMsgForContent( 'patrol-log-diff', $cur ) );
 72+ return wfMsgForContent( 'patrol-log-line', $diff, "[[$text]]", '' );
7273 }
7374 }
7475

Comments

#Comment by 😂 (talk | contribs)   22:54, 22 July 2011

"Didn't test?" :(

#Comment by SPQRobin (talk | contribs)   22:57, 22 July 2011

Well, I would have to set up so the recent changes of my localhost wiki are displayed in an IRC feed... :(

I hope someone else can test that easily :)

#Comment by Nikerabbit (talk | contribs)   14:13, 23 July 2011

This escapes $cur where it previously didn't.

#Comment by SPQRobin (talk | contribs)   14:23, 23 July 2011

wfMsgHtml() was used. That escaped it, didn't it?

#Comment by Nikerabbit (talk | contribs)   16:01, 23 July 2011

That's what you'd think but it only escapes the content, not parameters.

#Comment by Aaron Schulz (talk | contribs)   17:52, 9 September 2011

Looks line the code lines above for other cases already use htmlspecialchars, e.g.: htmlspecialchars( wfMsg( 'patrol-log-diff', $lang->formatNum( $cur, true ) ) )

Status & tagging log