[MediaWiki-commits] [Gerrit] Remove over/underescaping detected in Special:UserRights - change (mediawiki/core)
jenkins-bot has submitted this change and it was merged. Change subject: Remove over/underescaping detected in Special:UserRights .. Remove over/underescaping detected in Special:UserRights Bug: T31340 Change-Id: I99823cd56e0a6f501101cb85be832d2925ce9779 --- M includes/User.php M includes/specials/SpecialUserrights.php M languages/Language.php 3 files changed, 23 insertions(+), 16 deletions(-) Approvals: Umherirrender: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/User.php b/includes/User.php index 34af4c5..88004dc 100644 --- a/includes/User.php +++ b/includes/User.php @@ -4471,7 +4471,7 @@ if ( $title ) { return Linker::link( $title, htmlspecialchars( $text ) ); } else { - return $text; + return htmlspecialchars( $text ); } } diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php index 3e9313c..892ff5b 100644 --- a/includes/specials/SpecialUserrights.php +++ b/includes/specials/SpecialUserrights.php @@ -493,25 +493,32 @@ } $language = $this-getLanguage(); - $displayedList = $this-msg( 'userrights-groupsmember-type', - $language-listToText( $list ), - $language-listToText( $membersList ) - )-plain(); - $displayedAutolist = $this-msg( 'userrights-groupsmember-type', - $language-listToText( $autoList ), - $language-listToText( $autoMembersList ) - )-plain(); + $displayedList = $this-msg( 'userrights-groupsmember-type' ) + -rawParams( + $language-listToText( $list ), + $language-listToText( $membersList ) + )-escaped(); + $displayedAutolist = $this-msg( 'userrights-groupsmember-type' ) + -rawParams( + $language-listToText( $autoList ), + $language-listToText( $autoMembersList ) + )-escaped(); $grouplist = ''; $count = count( $list ); if ( $count 0 ) { - $grouplist = $this-msg( 'userrights-groupsmember', $count, $user-getName() )-parse(); + $grouplist = $this-msg( 'userrights-groupsmember' ) + -numParams( $count ) + -params( $user-getName() ) + -parse(); $grouplist = 'p' . $grouplist . ' ' . $displayedList . /p\n; } $count = count( $autoList ); if ( $count 0 ) { - $autogrouplistintro = $this-msg( 'userrights-groupsmember-auto', $count, $user-getName() ) + $autogrouplistintro = $this-msg( 'userrights-groupsmember-auto' ) + -numParams( $count ) + -params( $user-getName() ) -parse(); $grouplist .= 'p' . $autogrouplistintro . ' ' . $displayedAutolist . /p\n; } @@ -669,9 +676,9 @@ $member = User::getGroupMember( $group, $user-getName() ); if ( $checkbox['irreversible'] ) { - $text = $this-msg( 'userrights-irreversible-marker', $member )-escaped(); + $text = $this-msg( 'userrights-irreversible-marker', $member )-text(); } else { - $text = htmlspecialchars( $member ); + $text = $member; } $checkboxHtml = Xml::checkLabel( $text, wpGroup- . $group, wpGroup- . $group, $checkbox['set'], $attr ); diff --git a/languages/Language.php b/languages/Language.php index 93c186c..c0de1b4 100644 --- a/languages/Language.php +++ b/languages/Language.php @@ -3406,10 +3406,10 @@ return ''; } if ( $m 0 ) { - $and = $this-getMessageFromDB( 'and' ); - $space = $this-getMessageFromDB( 'word-separator' ); + $and = htmlspecialchars( $this-getMessageFromDB( 'and' ) ); + $space = htmlspecialchars( $this-getMessageFromDB( 'word-separator' ) ); if ( $m 1 ) { - $comma = $this-getMessageFromDB( 'comma-separator' ); + $comma = htmlspecialchars(
[MediaWiki-commits] [Gerrit] Remove over/underescaping detected in Special:UserRights - change (mediawiki/core)
Nikerabbit has uploaded a new change for review. https://gerrit.wikimedia.org/r/177979 Change subject: Remove over/underescaping detected in Special:UserRights .. Remove over/underescaping detected in Special:UserRights Change-Id: I99823cd56e0a6f501101cb85be832d2925ce9779 --- M includes/User.php M includes/specials/SpecialUserrights.php M languages/Language.php 3 files changed, 23 insertions(+), 16 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/79/177979/1 diff --git a/includes/User.php b/includes/User.php index 3cbb052..43faf4d 100644 --- a/includes/User.php +++ b/includes/User.php @@ -4471,7 +4471,7 @@ if ( $title ) { return Linker::link( $title, htmlspecialchars( $text ) ); } else { - return $text; + return htmlspecialchars( $text ); } } diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php index 6ca57aa..75fd644 100644 --- a/includes/specials/SpecialUserrights.php +++ b/includes/specials/SpecialUserrights.php @@ -493,25 +493,32 @@ } $language = $this-getLanguage(); - $displayedList = $this-msg( 'userrights-groupsmember-type', - $language-listToText( $list ), - $language-listToText( $membersList ) - )-plain(); - $displayedAutolist = $this-msg( 'userrights-groupsmember-type', - $language-listToText( $autoList ), - $language-listToText( $autoMembersList ) - )-plain(); + $displayedList = $this-msg( 'userrights-groupsmember-type' ) + -rawParams( + $language-listToText( $list ), + $language-listToText( $membersList ) + )-escaped(); + $displayedAutolist = $this-msg( 'userrights-groupsmember-type' ) + -rawParams( + $language-listToText( $autoList ), + $language-listToText( $autoMembersList ) + )-escaped(); $grouplist = ''; $count = count( $list ); if ( $count 0 ) { - $grouplist = $this-msg( 'userrights-groupsmember', $count, $user-getName() )-parse(); + $grouplist = $this-msg( 'userrights-groupsmember' ) + -numParams( $count ) + -params( $user-getName() ) + -parse(); $grouplist = 'p' . $grouplist . ' ' . $displayedList . /p\n; } $count = count( $autoList ); if ( $count 0 ) { - $autogrouplistintro = $this-msg( 'userrights-groupsmember-auto', $count, $user-getName() ) + $autogrouplistintro = $this-msg( 'userrights-groupsmember-auto' ) + -numParams( $count ) + -params( $user-getName() ) -parse(); $grouplist .= 'p' . $autogrouplistintro . ' ' . $displayedAutolist . /p\n; } @@ -669,9 +676,9 @@ $member = User::getGroupMember( $group, $user-getName() ); if ( $checkbox['irreversible'] ) { - $text = $this-msg( 'userrights-irreversible-marker', $member )-escaped(); + $text = $this-msg( 'userrights-irreversible-marker', $member )-text(); } else { - $text = htmlspecialchars( $member ); + $text = $member; } $checkboxHtml = Xml::checkLabel( $text, wpGroup- . $group, wpGroup- . $group, $checkbox['set'], $attr ); diff --git a/languages/Language.php b/languages/Language.php index fb04255..7847ba2 100644 --- a/languages/Language.php +++ b/languages/Language.php @@ -3403,10 +3403,10 @@ return ''; } if ( $m 0 ) { - $and = $this-getMessageFromDB( 'and' ); - $space = $this-getMessageFromDB( 'word-separator' ); + $and = htmlspecialchars( $this-getMessageFromDB( 'and' ) ); + $space = htmlspecialchars( $this-getMessageFromDB( 'word-separator' ) ); if ( $m 1 ) { - $comma = $this-getMessageFromDB( 'comma-separator' ); + $comma =