| side by side (parent:
d5110cb
)
fixed style and minor XSS vulnerabilities
author
Tim Starling
<tstarling@users.mediawiki.org>
Sat, 14 May 2005 05:41:22 +0000
(
05:41
+0000)
committer
Tim Starling
<tstarling@users.mediawiki.org>
Sat, 14 May 2005 05:41:22 +0000
(
05:41
+0000)
includes/SpecialGroups.php
diff --git
a/includes/SpecialGroups.php
b/includes/SpecialGroups.php
index
1941268
..
c6b2a37
100644
(file)
--- a/
includes/SpecialGroups.php
+++ b/
includes/SpecialGroups.php
@@
-1,7
+1,6
@@
<?php
/**
* Provide an administration interface
<?php
/**
* Provide an administration interface
- * DO NOT USE: INSECURE.
* @package MediaWiki
* @subpackage SpecialPage
*/
* @package MediaWiki
* @subpackage SpecialPage
*/
@@
-36,7
+35,7
@@
class GroupsForm extends HTMLForm {
global $wgUser;
$this->mPosted = $request->wasPosted();
global $wgUser;
$this->mPosted = $request->wasPosted();
- $this->mRequest = $request;
+ $this->mRequest =
&
$request;
$this->mName = 'groups';
$this->mNewName = trim( $request->getText('editgroup-name') );
$this->mName = 'groups';
$this->mNewName = trim( $request->getText('editgroup-name') );
@@
-62,8
+61,8
@@
class GroupsForm extends HTMLForm {
}
/**
}
/**
- * Manage forms to be shown according to posted data
s.
- * Depending on the submit button used
: C
all a form or a saving function.
+ * Manage forms to be shown according to posted data
+ * Depending on the submit button used
, c
all a form or a saving function.
*/
function execute() {
global $wgOut;
*/
function execute() {
global $wgOut;
@@
-97,7
+96,6
@@
class GroupsForm extends HTMLForm {
/**
* Save a group
/**
* Save a group
- * @todo FIXME : Log is incorrect.
*/
function saveGroup() {
global $wgOut;
*/
function saveGroup() {
global $wgOut;
@@
-119,7
+117,7
@@
class GroupsForm extends HTMLForm {
}
// Create a new group
}
// Create a new group
- $g = new
g
roup();
+ $g = new
G
roup();
$g->addToDatabase();
} else {
$add = false;
$g->addToDatabase();
} else {
$add = false;
@@
-196,16
+194,16
@@
class GroupsForm extends HTMLForm {
$g = Group::newFromID($groupID);
$fieldname = 'editgroup';
} else {
$g = Group::newFromID($groupID);
$fieldname = 'editgroup';
} else {
- // default data
s
when we add a group
- $g = new
g
roup();
+ // default data when we add a group
+ $g = new
G
roup();
$fieldname = 'addgroup';
}
$fieldname = 'addgroup';
}
- $gName =
$g->getName(
);
- $gDescription =
$g->getDescription(
);
+ $gName =
htmlspecialchars( $g->getName()
);
+ $gDescription =
htmlspecialchars( $g->getDescription()
);
- $wgOut->addHTML( "<form name=\"editGroup\" action=\"
$this->action
\" method=\"post\">\n".
+ $wgOut->addHTML( "<form name=\"editGroup\" action=\"
{$this->action}
\" method=\"post\">\n".
'<input type="hidden" name="editgroup-oldname" value="'.$gName."\" />\n" );
$wgOut->addHTML( $this->fieldset( $fieldname,
'<input type="hidden" name="editgroup-oldname" value="'.$gName."\" />\n" );
$wgOut->addHTML( $this->fieldset( $fieldname,
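Review bot: In the last hunk `$gName` and `$gDescription` are now escaped, but `{$this->action}` is still interpolated into the `action` attribute of the same `addHTML` call as-is; unless `$this->action` is already HTML-escaped where it is assigned (not visible here), it needs the same treatment, e.g. `$action = htmlspecialchars( $this->action );` used in place of `{$this->action}`. Escaping at assignment also means every later use of `$gName` and `$gDescription` receives entity-encoded text, so a helper that escapes its own arguments would double-encode them; the function continues past the end of the hunk, so the `$this->fieldset( $fieldname, ...` call and whatever it wraps should be checked for that. A short comment on the two assignments, such as `// HTML-escaped here; only use in HTML output below`, would make the convention explicit. The first hunk also removes the `DO NOT USE: INSECURE` warning while the hunks shown here only add output escaping, so it is worth confirming that the save path in `saveGroup()` (its body is outside these hunks) is covered before the warning goes.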