dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 14beae8) | patch
SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;
authorBrian Wolff <bawolff+wn@gmail.com>
Mon, 26 Sep 2016 10:40:30 +0000 (10:40 +0000)
committerChad Horohoe <chadh@wikimedia.org>
Thu, 6 Apr 2017 20:42:44 +0000 (13:42 -0700)
commitd4385537bcd8284936cbcafcc84718dcc9b52181
tree744dff6329a1412e43691fb11d41c6cd0c54cd80tree | snapshot
parent14beae88b5d8d71f291befa2839c1c72d02ede20commit | diff
SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;

In the non-default configuration where $wgAdvancedSearchHighlighting
is set to true, there is an XSS vulnerability as HTML tags are
not properly escaped if the tag spans multiple search results

Issue introduced in abf726ea0 (MediaWiki 1.13 and above).

Bug: T144845
Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
RELEASE-NOTES-1.29 diff | blob | history
includes/search/SearchHighlighter.php diff | blob | history
Wiklou, le Wiki du Wiklou