r94618 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r94617‎ \| r94618 \| r94619 >
Date:	10:57, 16 August 2011
Author:	catrope
Status:	deferred
Tags:
Comment:	Fix XSS in CreateBox. Patch by Mark Goodwin from Mozilla.
Modified paths:	/trunk/extensions/CreateBox/CreateBox.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CreateBox/CreateBox.php
—	—	@@ -96,9 +96,9 @@
97	97	function acMakeBox( $input, $argv, $parser ) {
98	98	global $wgRequest, $wgScript;
99	99	if( $wgRequest->getVal( 'action' ) == 'create' ) {
100		~~- $prefix = $wgRequest->getVal( 'prefix' );~~
101		~~- $preload = $wgRequest->getVal( 'preload' );~~
102		~~- $editintro = $wgRequest->getVal( 'editintro' );~~
	100	+ $prefix = acGetOption( $input, 'prefix' );
	101	+ $preload = acGetOption( $input, 'preload' );
	102	+ $editintro = acGetOption( $input, 'editintro' );
103	103	$text = $parser->getTitle()->getPrefixedText();
104	104	if( $prefix && strpos( $text, $prefix ) === 0 ) {
105	105	$text = substr( $text, strlen( $prefix ) );

13:51, 16 August 2011 😂 (talk | contribs) changed the status of r94618 [removed: new added: deferred]