From 5d51d4a08374a196d3247ba13c1e9a81f6bc95ec Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niklas=20Laxstr=C3=B6m?=
Date: Sat, 6 Dec 2014 11:51:39 +0100
Subject: [PATCH] Escape unescaped content shown in Special:BlockList

Change-Id: I38bd12613b4066c312635f9920a9e2d2002dbf6d
---
 includes/specials/SpecialBlockList.php | 30 ++++++++++++++++----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/includes/specials/SpecialBlockList.php b/includes/specials/SpecialBlockList.php
index 8a9aefde77..ebc02a55e4 100644
--- a/includes/specials/SpecialBlockList.php
+++ b/includes/specials/SpecialBlockList.php
@@ -77,11 +77,11 @@ class SpecialBlockList extends SpecialPage {
 ),
 'Options' => array(
 'type' => 'multiselect',
- 'options' => array(
- $this->msg( 'blocklist-userblocks' )->text() => 'userblocks',
- $this->msg( 'blocklist-tempblocks' )->text() => 'tempblocks',
- $this->msg( 'blocklist-addressblocks' )->text() => 'addressblocks',
- $this->msg( 'blocklist-rangeblocks' )->text() => 'rangeblocks',
+ 'options-messages' => array(
+ 'blocklist-userblocks' => 'userblocks',
+ 'blocklist-tempblocks' => 'tempblocks',
+ 'blocklist-addressblocks' => 'addressblocks',
+ 'blocklist-rangeblocks' => 'rangeblocks',
 ),
 'flatlist' => true,
 ),
@@ -249,7 +249,7 @@ class BlockListPager extends TablePager {
 function formatValue( $name, $value ) {
 static $msg = null;
 if ( $msg === null ) {
- $msg = array(
+ $keys = array(
 'anononlyblock',
 'createaccountblock',
 'noautoblockblock',
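Review bot: In the `@@ -77,11 +77,11 @@` hunk, nothing beside the new `'options-messages'` key records why it replaced `'options'`, so a later cleanup could bring the unescaped labels back. As far as I know, HTMLForm uses the keys of `'options'` as raw label HTML, which is what made the `->text()` output unsafe here; that behaviour is not visible in the hunk and should be confirmed. I would add a comment above the key, for example `// Pass message keys so HTMLForm builds the labels; keys of 'options' are output as raw HTML.` The field definition starts and ends outside the hunk.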
@@ -258,17 +258,22 @@ class BlockListPager extends TablePager {
 'unblocklink',
 'change-blocklink',
 );
- $msg = array_combine( $msg, array_map( array( $this, 'msg' ), $msg ) );
+
+ foreach ( $keys as $key ) {
+ $msg[$key] = $this->msg( $key )->escaped();
+ }
 }
 
 /** @var $row object */
 $row = $this->mCurrentRow;
 
+ $language = $this->getLanguage();
+
 $formatted = '';
 
 switch ( $name ) {
 case 'ipb_timestamp':
- $formatted = $this->getLanguage()->userTimeAndDate( $value, $this->getUser() );
+ $formatted = htmlspecialchars( $language->userTimeAndDate( $value, $this->getUser() ) );
 break;
 
 case 'ipb_target':
@@ -294,7 +299,10 @@ class BlockListPager extends TablePager {
 break;
 
 case 'ipb_expiry':
- $formatted = $this->getLanguage()->formatExpiry( $value, /* User preference timezone */true );
+ $formatted = htmlspecialchars( $language->formatExpiry(
+ $value,
+ /* User preference timezone */true
+ ) );
 if ( $this->getUser()->isAllowed( 'block' ) ) {
 if ( $row->ipb_auto ) {
 $links[] = Linker::linkKnown(
@@ -317,7 +325,7 @@ class BlockListPager extends TablePager {
 'span',
 array( 'class' => 'mw-blocklist-actions' ),
 $this->msg( 'parentheses' )->rawParams(
- $this->getLanguage()->pipeList( $links ) )->escaped()
+ $language->pipeList( $links ) )->escaped()
 );
 }
 break;
@@ -355,7 +363,7 @@ class BlockListPager extends TablePager {
 $properties[] = $msg['blocklist-nousertalk'];
 }
 
- $formatted = $this->getLanguage()->commaList( $properties );
+ $formatted = $language->commaList( $properties );
 break;
 
 default:
-- 
2.20.1
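Review bot: In the `@@ -258,17 +258,22 @@` hunk, `$msg` is still `null` when the added `foreach` first runs `$msg[$key] = …`, so the cache only becomes an array through PHP's implicit conversion; putting `$msg = array();` before the loop makes that explicit. The cached values also change from Message objects to pre-escaped HTML strings. Any use of `$msg[...]` elsewhere in formatValue that passes the value through an escaping helper would now double-escape, and any that expects a Message object would break; those uses lie outside the hunk and should be checked. A one-line comment on the loop such as `// Cache holds escaped HTML, safe to concatenate into output` would state the new contract. formatValue begins before this hunk and continues after it.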
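Review bot: In the `@@ -355,7 +363,7 @@` hunk, `$formatted = $language->commaList( $properties );` is still assigned without escaping, unlike the `ipb_timestamp` and `ipb_expiry` cases, which this commit wraps in `htmlspecialchars()`. It is therefore safe only if every entry pushed onto `$properties` is already HTML-escaped. The one push visible here, `$msg['blocklist-nousertalk']`, is escaped by this commit, but the others are outside the hunk and should be confirmed to come from `$msg` as well. I would record the invariant on the assignment, e.g. `// $properties holds pre-escaped HTML from $msg; never append raw text here`.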