dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 246bebe) | patch
HttpError: Consistently escape document title
authorTimo Tijhof <krinklemail@gmail.com>
Sun, 24 May 2015 12:39:15 +0000 (14:39 +0200)
committerTimo Tijhof <krinklemail@gmail.com>
Mon, 1 Jun 2015 13:58:19 +0000 (14:58 +0100)
commit0e841380176805b078bf35553e5d4406a4a6ab9d
treed2859780237648487956e17cce9e30da9996aedetree | snapshot
parent246bebe8216228a2482927680e330c3b15a7334ccommit | diff
HttpError: Consistently escape document title

Wasn't actually a vulnerability because HttpStatus::getMessage
can only return one of a fixed set of values which are all plain
text without any special characters. However the return value
there is meant to plain text and not html, so just like
Html::element and other interfaces, things should be consitently
escaped.

Also renamed variables for clarity.

Change-Id: I8b61d7e9ea4101e3a9ef5f9a59a97db45aeef68c
includes/exception/HttpError.php diff | blob | history
Wiklou, le Wiki du Wiklou