dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f9fe1b) | patch
(bug 42202) Validate editfont before embedding it in CSS
authorCatrope <roan.kattouw@gmail.com>
Fri, 16 Nov 2012 18:12:58 +0000 (10:12 -0800)
committerGerrit Code Review <gerrit@wikimedia.org>
Thu, 29 Nov 2012 22:34:07 +0000 (22:34 +0000)
commit8e57acf21152a688dcb147e6e2bf5c97ef6860af
tree19cb9f792101b58ff5a1bb2e206fa7d4bf34d38ctree | snapshot
parent7f9fe1b29df6ecee9a9c90f6806d7bf8848ff0b1commit | diff
(bug 42202) Validate editfont before embedding it in CSS

If the editfont preference somehow had a value like "foo; color: blue",
we have a CSS injection problem. Normally preference validation should
protect against that, but the API module for setting preferences doesn't
perform any validation.

Change-Id: I5c12aa9a48bf4f6ea4a8fb44554d13189e7757fb
includes/resourceloader/ResourceLoaderUserCSSPrefsModule.php diff | blob | history
Wiklou, le Wiki du Wiklou