r99804 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r99803‎ | r99804 | r99805 >
Date:21:03, 14 October 2011
Author:kaldari
Status:ok
Tags:fundraising 
Comment:
escaping input to prevent XSS
Modified paths:
  • /branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php (modified) (history)


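--- a/branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
+++ b/branches/fundraising/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
@@ -215,10 +215,10 @@
 $form .= Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-personal-info' ) );
 $form .= Xml::tags( 'h3', array( 'class' => 'payflow-cc-form-header', 'id' => 'payflow-cc-form-header-personal' ), wfMsg( 'payflowpro_gateway-make-your-donation' ) );
 if ( !$this->paypal ) {
-$source = $wgRequest->getText( 'utm_source' );
-$medium = $wgRequest->getText( 'utm_medium' );
-$campaign = $wgRequest->getText( 'utm_campaign' );
-$formname = $wgRequest->getText( 'form_name' );
+$source = htmlspecialchars( $wgRequest->getText( 'utm_source' ) );
+$medium = htmlspecialchars( $wgRequest->getText( 'utm_medium' ) );
+$campaign = htmlspecialchars( $wgRequest->getText( 'utm_campaign' ) );
+$formname = htmlspecialchars( $wgRequest->getText( 'form_name' ) );
 $form .= Xml::Tags( 'p', array( 'id' => 'payflowpro_gateway-cc_otherways' ), wfMsg( 'payflowpro_gateway-paypal', $wgScriptPath, $formname, $source, $medium, $campaign ) );
 }
 $form .= Xml::openElement( 'table', array( 'id' => 'payflow-table-donor' ) );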
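Review bot: The four `htmlspecialchars()` calls on new lines 219–222 use the default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the fix is incomplete if the `payflowpro_gateway-paypal` message places any of these parameters inside a single-quoted attribute. The message text is not visible here, so that is an assumption to check; passing `ENT_QUOTES` closes it either way, e.g. `$source = htmlspecialchars( $wgRequest->getText( 'utm_source' ), ENT_QUOTES );`, and likewise for `$medium`, `$campaign` and `$formname`. If the message builds a link query string from these values, they should also be URL-encoded first with `urlencode()`, because HTML escaping alone still lets `&` or `=` inside a value change the parameters of the resulting URL. The enclosing method starts and ends outside this hunk.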
