http://www.mediawiki.org/wiki/Special:Code/MediaWiki/94618
Revision: 94618
Author: catrope
Date: 2011-08-16 10:57:56 +0000 (Tue, 16 Aug 2011)
Log Message:
-----------
Fix XSS in CreateBox. Patch by Mark Goodwin from Mozilla.
Modified Paths:
--------------
trunk/extensions/CreateBox/CreateBox.php
Modified: trunk/extensions/CreateBox/CreateBox.php
===================================================================
--- trunk/extensions/CreateBox/CreateBox.php 2011-08-16 10:47:15 UTC (rev
94617)
+++ trunk/extensions/CreateBox/CreateBox.php 2011-08-16 10:57:56 UTC (rev
94618)
@@ -96,9 +96,9 @@
function acMakeBox( $input, $argv, $parser ) {
global $wgRequest, $wgScript;
if( $wgRequest->getVal( 'action' ) == 'create' ) {
- $prefix = $wgRequest->getVal( 'prefix' );
- $preload = $wgRequest->getVal( 'preload' );
- $editintro = $wgRequest->getVal( 'editintro' );
+ $prefix = acGetOption( $input, 'prefix' );
+ $preload = acGetOption( $input, 'preload' );
+ $editintro = acGetOption( $input, 'editintro' );
$text = $parser->getTitle()->getPrefixedText();
if( $prefix && strpos( $text, $prefix ) === 0 ) {
$text = substr( $text, strlen( $prefix ) );
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
