Revision: 47504
Author:   aaron
Date:     2009-02-19 19:08:22 +0000 (Thu, 19 Feb 2009)

Log Message:
-----------
escape $wgScript here

Modified Paths:
--------------
    trunk/phase3/includes/specials/SpecialListUserRestrictions.php
    trunk/phase3/includes/specials/SpecialRestrictUser.php

Modified: trunk/phase3/includes/specials/SpecialListUserRestrictions.php
===================================================================
--- trunk/phase3/includes/specials/SpecialListUserRestrictions.php      
2009-02-19 19:03:30 UTC (rev 47503)
+++ trunk/phase3/includes/specials/SpecialListUserRestrictions.php      
2009-02-19 19:08:22 UTC (rev 47504)
@@ -24,9 +24,10 @@
 class SpecialListUserRestrictionsForm {
        public function getHTML() {
                global $wgRequest, $wgScript, $wgTitle;
+               $action = htmlspecialchars( $wgScript );
                $s = '';
                $s .= Xml::fieldset( wfMsg( 'listuserrestrictions-legend' ) );
-               $s .= "<form action=\"{$wgScript}\">";
+               $s .= "<form action=\"{$action}\">";
                $s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
                $s .= Xml::label( wfMsgHtml( 'listuserrestrictions-type' ), 
'type' ) . '&nbsp;' .
                        self::typeSelector( 'type', $wgRequest->getVal( 'type' 
), 'type' );
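Review bot: The hand-built `"<form action=\"{$action}\">"` string in getHTML() keeps attribute escaping a manual step that the next edit can forget. Building the tag with `$s .= Xml::openElement( 'form', array( 'action' => $wgScript ) );` would let the Xml helper escape the attribute, in line with the Xml::fieldset and Xml::hidden calls around it. The same applies to selectUserForm() in SpecialRestrictUser.php. If the manual form is kept, a short comment that the value is escaped for a double-quoted attribute would help, since htmlspecialchars() is called here without an explicit quote flag. getHTML() continues past the end of this hunk.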

Modified: trunk/phase3/includes/specials/SpecialRestrictUser.php
===================================================================
--- trunk/phase3/includes/specials/SpecialRestrictUser.php      2009-02-19 
19:03:30 UTC (rev 47503)
+++ trunk/phase3/includes/specials/SpecialRestrictUser.php      2009-02-19 
19:08:22 UTC (rev 47504)
@@ -37,7 +37,8 @@
 class RestrictUserForm {
        public static function selectUserForm( $val = null, $error = null ) {
                global $wgScript, $wgTitle;
-               $s  = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . 
"<form action=\"{$wgScript}\">";
+               $action = htmlspecialchars( $wgScript );
+               $s  = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . 
"<form action=\"{$action}\">";
                if( $error )
                        $s .= '<p>' . $error . '</p>';
                $s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
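Review bot: `$error` is still concatenated into the markup unescaped at `$s .= '<p>' . $error . '</p>';`, two lines below the newly escaped action attribute. Whether callers pass pre-rendered HTML or plain text is not visible from this hunk. If it can be plain text or carry anything request-derived, it should become `$s .= Xml::element( 'p', null, $error );`. If it is intentionally HTML, a docblock on selectUserForm() should state that `$error` must already be escaped. The function body continues past the end of this hunk.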


