dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d066248) | patch
SECURITY: XSS in unclosed internal links
authorBrian Wolff <bawolff+wn@gmail.com>
Wed, 8 Jun 2016 02:35:15 +0000 (22:35 -0400)
committerChad <chadh@wikimedia.org>
Tue, 23 Aug 2016 03:39:36 +0000 (03:39 +0000)
commite2a6fe571166160b9caed45f35910a7b9b50d2c0
treea95fae339763a0d61bd3b60ae0e69038732673a8tree | snapshot
parentd0662487e683d602d08f3c3875797e850ad7210ccommit | diff
SECURITY: XSS in unclosed internal links

rawurldecode was being run on unclosed internal links
which could allow an attacker to insert arbitrary
html into the page.

See also related: r13302

Bug: T137264
Change-Id: I4e112a9e918df9fe78b62c311939239b483a21f5
includes/parser/Parser.php diff | blob | history
tests/parser/parserTests.txt diff | blob | history
Wiklou, le Wiki du Wiklou