[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Escape internal error message
jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/391447 )

Change subject: SECURITY: Escape internal error message
......................................................................

SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
M includes/exception/MWException.php
M includes/exception/MWExceptionRenderer.php
2 files changed, 18 insertions(+), 15 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified

diff --git a/includes/exception/MWException.php b/includes/exception/MWException.php index c633431..6d95919 100644 --- a/includes/exception/MWException.php +++ b/includes/exception/MWException.php @@ -103,13 +103,15 @@ $logId = WebRequest::getRequestId(); $type = static::class; return Html::errorBox( - '[' . $logId . '] ' . - gmdate( 'Y-m-d H:i:s' ) . ": " . - $this->msg( "internalerror-fatal-exception", - "Fatal exception of type $1", - $type, - $logId, - MWExceptionHandler::getURL( $this ) + htmlspecialchars( + '[' . $logId . '] ' . + gmdate( 'Y-m-d H:i:s' ) . ": " . + $this->msg( "internalerror-fatal-exception", + "Fatal exception of type $1", + $type, + $logId, + MWExceptionHandler::getURL( $this ) + ) ) ) . ""; }

--
To view, visit https://gerrit.wikimedia.org/r/391447
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy
Gerrit-Reviewer: Brian Wolff
Gerrit-Reviewer: Reedy
Gerrit-Reviewer: jenkins-bot

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
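Review bot: The htmlspecialchars( call added around the Html::errorBox() argument in MWException.php carries no comment on why the whole string is escaped, and it relies on PHP's default flags. A short comment that errorBox() is given HTML here and that MWExceptionHandler::getURL( $this ) is request-controlled would keep a later cleanup from removing the call, and passing ENT_QUOTES explicitly would keep the text safe if it is ever reused inside an attribute value.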
[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Escape internal error message
Reedy has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/391447 )

Change subject: SECURITY: Escape internal error message
......................................................................

SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
M includes/exception/MWException.php
M includes/exception/MWExceptionRenderer.php
2 files changed, 18 insertions(+), 15 deletions(-)

git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/47/391447/1

diff --git a/includes/exception/MWException.php b/includes/exception/MWException.php index c633431..6d95919 100644 --- a/includes/exception/MWException.php +++ b/includes/exception/MWException.php @@ -103,13 +103,15 @@ $logId = WebRequest::getRequestId(); $type = static::class; return Html::errorBox( - '[' . $logId . '] ' . - gmdate( 'Y-m-d H:i:s' ) . ": " . - $this->msg( "internalerror-fatal-exception", - "Fatal exception of type $1", - $type, - $logId, - MWExceptionHandler::getURL( $this ) + htmlspecialchars( + '[' . $logId . '] ' . + gmdate( 'Y-m-d H:i:s' ) . ": " . + $this->msg( "internalerror-fatal-exception", + "Fatal exception of type $1", + $type, + $logId, + MWExceptionHandler::getURL( $this ) + ) ) ) . ""; }

--
To view, visit https://gerrit.wikimedia.org/r/391447

Gerrit-MessageType: newchange
Gerrit-Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy
Gerrit-Reviewer: Brian Wolff
Gerrit-Reviewer: Reedy
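Review bot: No test accompanies the escaping added in the @@ -103,13 +103,15 @@ hunk: the diffstat lists only includes/exception/MWException.php and includes/exception/MWExceptionRenderer.php. A regression test that renders this error box for a request URL containing < and > and asserts that the output holds &lt; and &gt; would pin the fix. The diffstat counts 18 insertions and 15 deletions across two files while this mail shows only the MWException.php hunk, so the MWExceptionRenderer.php side should get the same assertion.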