[MediaWiki-commits] [Gerrit] Fully escape return value from FileDuplicateSearchPage::form... - change (mediawiki/core)

jenkins-bot (Code Review) Thu, 29 Jan 2015 11:35:42 -0800

jenkins-bot has submitted this change and it was merged.

Change subject: Fully escape return value from 
FileDuplicateSearchPage::formatResult
......................................................................



Fully escape return value from FileDuplicateSearchPage::formatResult

Also avoids unneeded recreation of a title object

Bug: T85864
Change-Id: I0298887e2ee5da9c1694393fb06cfa5eed0e46d3
---
M includes/specials/SpecialFileDuplicateSearch.php
1 file changed, 5 insertions(+), 4 deletions(-)

Approvals:
  Nikerabbit: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/specials/SpecialFileDuplicateSearch.php 
b/includes/specials/SpecialFileDuplicateSearch.php
index 0ebbbc9..607b4f6 100644
--- a/includes/specials/SpecialFileDuplicateSearch.php
+++ b/includes/specials/SpecialFileDuplicateSearch.php
@@ -196,7 +196,7 @@
         *
         * @param Skin $skin
         * @param File $result
-        * @return string
+        * @return string HTML
         */
        function formatResult( $skin, $result ) {
                global $wgContLang;
@@ -204,8 +204,8 @@
                $nt = $result->getTitle();
                $text = $wgContLang->convert( $nt->getText() );
                $plink = Linker::link(
-                       Title::newFromText( $nt->getPrefixedText() ),
-                       $text
+                       $nt,
+                       htmlspecialchars( $text )
                );
 
                $userText = $result->getUser( 'text' );
@@ -220,7 +220,8 @@
                        $user = htmlspecialchars( $userText );
                }
 
-               $time = $this->getLanguage()->userTimeAndDate( 
$result->getTimestamp(), $this->getUser() );
+               $time = htmlspecialchars( $this->getLanguage()->userTimeAndDate(
+                       $result->getTimestamp(), $this->getUser() ) );
 
                return "$plink . . $user . . $time";
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/187010
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0298887e2ee5da9c1694393fb06cfa5eed0e46d3
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Umherirrender <[email protected]>
Gerrit-Reviewer: Nikerabbit <[email protected]>
Gerrit-Reviewer: Umherirrender <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Fully escape return value from FileDuplicateSearchPage::form... - change (mediawiki/core)

Reply via email to