dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 72fae85) | patch
SECURITY: Escape wikitext content model/format in message
authorBrian Wolff <bawolff+wn@gmail.com>
Mon, 13 Mar 2017 21:20:02 +0000 (21:20 +0000)
committerChad Horohoe <chadh@wikimedia.org>
Thu, 6 Apr 2017 20:42:58 +0000 (13:42 -0700)
commit288512618ee57477ed5f01a97e11de229cbe32bb
tree4497e2abac2cd520b0dc882bbf7dd290f3188270tree | snapshot
parent72fae85001a9645a758747057e5fff0300123f3acommit | diff
SECURITY: Escape wikitext content model/format in message

Escape wikitext in model= and format= url parameter to
edit page. This goes along with 1c788944 to help prevent
XSS for wikis with $wgRawHtml = true; set.

Bug: T156184
Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
RELEASE-NOTES-1.29 diff | blob | history
includes/EditPage.php diff | blob | history
Wiklou, le Wiki du Wiklou