http://www.mediawiki.org/wiki/Special:Code/MediaWiki/56427

Revision: 56427
Author:   brion
Date:     2009-09-16 18:27:27 +0000 (Wed, 16 Sep 2009)

Log Message:
-----------
Security fix: escape client-provided $article string when dropping it into 
JavaScript in an HTML element returned for AJAX results

Modified Paths:
--------------
    trunk/extensions/Collection/Collection.php

Modified: trunk/extensions/Collection/Collection.php
===================================================================
--- trunk/extensions/Collection/Collection.php  2009-09-16 18:26:30 UTC (rev 
56426)
+++ trunk/extensions/Collection/Collection.php  2009-09-16 18:27:27 UTC (rev 
56427)
@@ -278,6 +278,12 @@
 
 $wgAjaxExportList[] = 'wfAjaxCollectionClear';
 
+/**
+ * Backend of several following SAJAX function handlers...
+ * @param String $action provided by the specific handlers internally
+ * @param String $article title passed in from client
+ * @return AjaxResponse with JSON-encoded array including HTML fragment.
+ */
 function wfCollectionSuggestAction( $action, $article ) {
        wfLoadExtensionMessages( 'CollectionCore' );
        wfLoadExtensionMessages( 'Collection' );
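Review bot: The new docblock's `@param` tags use `String`; PHPDoc convention (and the spelling PHP itself uses) is lowercase, so `@param string $action` and `@param string $article`. Since the commit message is about `$article` being client-provided, the docblock is the right place to record that trust boundary for the next maintainer, e.g. `@param string $article title passed in from client (untrusted; escape for each output context it is emitted into)`. The body of wfCollectionSuggestAction continues past the end of the hunk.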
@@ -290,7 +296,8 @@
                                'Book',
                                array('bookcmd' => 'suggest', 'undo' => 
$action, 'arttitle' => $article )
                        ),
-                       'onclick' => "collectionSuggestCall('UndoArticle', 
['$action', '$article']); return false;",
+                       'onclick' => "collectionSuggestCall('UndoArticle'," .
+                               Xml::encodeJsVar( array( $action, $article ) ) 
. "); return false;",
                        'title' => wfMsg( 'coll-suggest_undo_tooltip' ),
                ),
                wfMsg( 'coll-suggest_undo' )
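Review bot: The JS-literal encoding on the new `'onclick'` lines is only complete if this attribute array is later emitted through an HTML-escaping element builder (such as `Xml::element`), because `Xml::encodeJsVar` produces quote characters that must still be entity-escaped for the attribute context; the statement that builds this element starts before the hunk and ends after it, so that cannot be confirmed from what is shown. If the builder escapes attribute values the fix covers this sink; if it concatenated them raw, the attribute context would remain unprotected. The same `$article` also flows into the `'arttitle'` query parameter two lines above, whose URL-encoding likewise depends on code outside the hunk. A short comment on the new line would make the layering explicit: `// $article is client-supplied: JS-encode here; HTML attribute escaping is the element builder's job`.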


