Florianschmidtwelzow has submitted this change and it was merged.

Change subject: [SECURITY] Fix possible XSS attack
......................................................................


[SECURITY] Fix possible XSS attack

The request to the extracts API is made with plaintext to get an
unformatted output (without bold, italic and other text formatting).
However, the output isn't parsed or anything else; it is passed directly
to the output as plain HTML. This allows an attacker to insert scripts
and other HTML into the output, which is escaped on the page directly
but not in the QuickSearchLookup information box on the right side, which
is a security risk.

This change fixes the risk by not passing the content to an OOUI\HtmlSnippet
element anymore.

Bug: T130468
Change-Id: I430e137217c0f01b6807925e703ca71ce9989fe5
---
M includes/QuickSearchLookup.php
M tests/phpunit/QuickSearchLookupTest.php
2 files changed, 5 insertions(+), 4 deletions(-)

Approvals:
  Florianschmidtwelzow: Verified; Looks good to me, approved
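The mechanism the commit message describes, as an added example that is not code from QuickSearchLookup or OOUI: two small stand-in classes, HtmlSnippetStandIn and TagStandIn, written only for this example, model the one rule the fix relies on, namely that a plain string appended to a tag is HTML-escaped when the tag is rendered while a snippet is trusted and emitted verbatim. A constructed extract string is rendered both ways and a check of the kind a regression test could apply is run over the result. The helper names renderBefore, renderAfter and containsRawTag, the sample extract and its payload are all assumptions made for the example.

```php
<?php
// Added example, not QuickSearchLookup or OOUI code. HtmlSnippetStandIn and
// TagStandIn are minimal stand-ins written for this example; they model only
// the rule that matters for the fix: a plain string appended to a tag is
// HTML-escaped when the tag is rendered, a snippet is trusted and emitted raw.

final class HtmlSnippetStandIn {
    public function __construct( private string $html ) {
    }

    public function __toString(): string {
        return $this->html;
    }
}

final class TagStandIn {
    /** @var array<int, string|HtmlSnippetStandIn> */
    private array $content = [];

    public function __construct( private string $tagName = 'div' ) {
    }

    public function appendContent( string|HtmlSnippetStandIn $item ): static {
        $this->content[] = $item;
        return $this;
    }

    public function toString(): string {
        $out = '';
        foreach ( $this->content as $item ) {
            // Only plain strings are escaped; a snippet bypasses the escaping.
            $out .= $item instanceof HtmlSnippetStandIn
                ? (string)$item
                : htmlspecialchars( $item, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
        }
        return "<{$this->tagName}>{$out}</{$this->tagName}>";
    }
}

// Before the fix: the extract is wrapped in a snippet, so whatever the API
// returned lands in the page unchanged.
function renderBefore( string $extract ): string {
    return ( new TagStandIn( 'div' ) )
        ->appendContent( new HtmlSnippetStandIn( $extract ) )
        ->toString();
}

// After the fix: the extract is appended as a plain string and escaped.
function renderAfter( string $extract ): string {
    return ( new TagStandIn( 'div' ) )
        ->appendContent( $extract )
        ->toString();
}

// Check a regression test could apply to the rendered lookup box: markup from
// user-controlled text must not survive as a real tag.
function containsRawTag( string $html, string $tagName ): bool {
    return (bool)preg_match( '/<' . preg_quote( $tagName, '/' ) . '\b/i', $html );
}

// Constructed sample extract (an assumption for this example): text carrying
// markup, standing in for API output the info box did not escape.
$extract = 'Lorem ipsum <img src=x onerror="alert(document.cookie)"> dolor';

foreach ( [ 'before' => renderBefore( $extract ), 'after' => renderAfter( $extract ) ] as $label => $html ) {
    printf(
        "%s: %s\n        raw <img> present: %s\n",
        $label,
        $html,
        containsRawTag( $html, 'img' ) ? 'yes' : 'no'
    );
}
```

Run with `php` on the command line. The point of the stand-ins is to make the trust boundary visible: the snippet class is the only way to get unescaped output, so any place an untrusted string is wrapped in it is the place to audit.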



diff --git a/includes/QuickSearchLookup.php b/includes/QuickSearchLookup.php
index 060e161..6118aad 100644
--- a/includes/QuickSearchLookup.php
+++ b/includes/QuickSearchLookup.php
@@ -156,7 +156,7 @@
                                // the ButtonWidget
                                $layout = new OOUI\Layout();
                                $layout
-                                       ->appendContent( new OOUI\HtmlSnippet( 
$text ) )
+                                       ->appendContent( $text )
                                        ->addClasses( array(
                                                'mw-search-quicklookup-text',
                                                // this class adds space 
between the text and the read more button (which is positioned
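Review bot: the hunk removes the trusted-HTML wrapper around $text but adds no test that the rendered box now escapes markup. Passing $text straight to appendContent is the intended fix, so a regression test that feeds an extract containing something like <script> and asserts the layout's rendered HTML contains &lt;script&gt; would pin the behaviour; the test changes in this patch only swap fixture pages. A one-line comment above `->appendContent( $text )` saying the extract is untrusted API output and must stay a plain string, never an HtmlSnippet, would also stop the wrapper from being reintroduced later.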
diff --git a/tests/phpunit/QuickSearchLookupTest.php 
b/tests/phpunit/QuickSearchLookupTest.php
index a9c0d55..d76185d 100644
--- a/tests/phpunit/QuickSearchLookupTest.php
+++ b/tests/phpunit/QuickSearchLookupTest.php
@@ -2,6 +2,7 @@
 
 /**
  * @group Extensions
+ * @group Database
  */
 class QuickSearchLooupTest extends MediaWikiTestCase {
        protected function setUp() {
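Review bot: the new @group Database annotation carries no explanation; a short comment stating why the test now needs a database (the provider further down switches from the main page to 'UTPage') would save the next reader from guessing. While here, the class name QuickSearchLooupTest on the unchanged line does not match the file name QuickSearchLookupTest.php; PHPUnit still runs it, but it reads as a typo and is worth fixing in the same file.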
@@ -60,9 +61,9 @@
        public function getTitleResults() {
                return array(
                        array( 'BogusTest', false ),
-                       array( 'Main_Page', true ),
+                       array( 'UTPage', true ),
                        array( Title::newFromText( 'BogusTest' ), false ),
-                       array( Title::newMainPage(), true ),
+                       array( Title::newFromText( 'UTPage' ), true ),
                );
        }
 }
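Review bot: the fixture swap from 'Main_Page' / Title::newMainPage() to 'UTPage' is unrelated to the XSS fix and the commit message does not mention it; either state the reason in a comment on the provider (presumably the main page is not guaranteed to exist in the test environment, hence the new @group Database) or split it into its own change. The provider also still has no case whose input yields text containing markup, so the escaping behaviour the patch introduces remains untested here.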
@@ -71,4 +72,4 @@
        public function __call( $name, $args ) {
                throw new Exception( 'Functions shouldn\'t call the singleton 
itself.' );
        }
-}
\ No newline at end of file
+}
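Review bot: adding the missing trailing newline is fine, but it is whitespace churn bundled into a security patch; keep such cleanups separate so the security diff stays minimal and easy to backport.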

-- 
To view, visit https://gerrit.wikimedia.org/r/281991
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I430e137217c0f01b6807925e703ca71ce9989fe5
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/QuickSearchLookup
Gerrit-Branch: master
Gerrit-Owner: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com>
Gerrit-Reviewer: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
