r95716 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r95715‎ \| r95716 \| r95717 >
Date:	22:22, 29 August 2011
Author:	preilly
Status:	ok
Tags:
Comment:	make sure to convert special characters to HTML entities in user-supplied text
Modified paths:	/trunk/extensions/MobileFrontend/MobileFrontend.php (modified) (history) /trunk/extensions/MobileFrontend/views/layout/_footmenu_default.html.php (modified) (history) /trunk/extensions/MobileFrontend/views/layout/_search_webkit.html.php (modified) (history)

Diff [purge]

Index: trunk/extensions/MobileFrontend/MobileFrontend.php
—	—	@@ -65,7 +65,7 @@
66	66	);
67	67
68	68	class ExtMobileFrontend {
69		~~- const VERSION = '0.5.46';~~
	69	+ const VERSION = '0.5.47';
70	70
71	71	/**
72	72	* @var DOMDocument
—	—	@@ -568,7 +568,7 @@
569	569	$segments = explode( $this->WMLSectionSeperator, $s );
570	570	$card = '';
571	571	$idx = 0;
572		~~- $requestedSegment = self::$requestedSegment;~~
	572	+ $requestedSegment = htmlspecialchars( self::$requestedSegment );
573	573	$title = htmlspecialchars( self::$title->getText() );
574	574
575	575	$card .= "<card id='{$idx}' title='{$title}'><p>{$segments[$requestedSegment]}</p>";
—	—	@@ -787,13 +787,13 @@
788	788	header( 'Content-Type: application/json' );
789	789	header( 'Content-Disposition: attachment; filename="data.js";' );
790	790	$json_data = array();
791		~~- $json_data['title'] = self::$title->getText();~~
	791	+ $json_data['title'] = htmlspecialchars ( self::$title->getText() );
792	792	$json_data['html'] = $contentHtml;
793	793
794	794	$json = FormatJson::encode( $json_data );
795	795
796	796	if ( !empty( self::$callback ) ) {
797		~~- $json = urlencode( self::$callback ) . '(' . $json . ')';~~
	797	+ $json = urlencode( htmlspecialchars( self::$callback ) ) . '(' . $json . ')';
798	798	}
799	799
800	800	wfProfileOut( __METHOD__ );
Index: trunk/extensions/MobileFrontend/views/layout/_search_webkit.html.php
—	—	@@ -1,7 +1,7 @@
2	2	<?php
3	3	global $wgExtensionAssetsPath, $wgMobileFrontendLogo;
4	4
5		~~-$searchField = self::$searchField;~~
	5	+$searchField = htmlspecialchars( self::$searchField );
6	6	$mainPageUrl = self::$mainPageUrl;
7	7	$randomPageUrl = self::$randomPageUrl;
8	8	$homeButton = self::$messages['mobile-frontend-home-button'];
Index: trunk/extensions/MobileFrontend/views/layout/_footmenu_default.html.php
—	—	@@ -6,15 +6,15 @@
7	7	$disableImages = self::$messages['mobile-frontend-disable-images'];
8	8	$enableImages = self::$messages['mobile-frontend-enable-images'];
9	9
10		~~-$disableMobileSiteURL = self::$disableMobileSiteURL;~~
11		~~-$viewNormalSiteURL = self::$viewNormalSiteURL;~~
	10	+$disableMobileSiteURL = htmlspecialchars( self::$disableMobileSiteURL );
	11	+$viewNormalSiteURL = htmlspecialchars( self::$viewNormalSiteURL );
12	12
13	13	if ( self::$disableImages == 0 ) {
14	14	$imagesToggle = $disableImages;
15		~~- $imagesURL = self::$disableImagesURL;~~
	15	+ $imagesURL = htmlspecialchars( self::$disableImagesURL );
16	16	} else {
17	17	$imagesToggle = $enableImages;
18		~~- $imagesURL = self::$enableImagesURL;~~
	18	+ $imagesURL = htmlspecialchars( self::$enableImagesURL );
19	19	}
20	20
21	21	$footerHtml = <<<EOD

Status & tagging log

13:15, 26 September 2011 😂 (talk | contribs) changed the status of r95716 [removed: new added: ok]