dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 52e7684) | patch
SECURITY: Escape internal error message
authorBrian Wolff <bawolff+wn@gmail.com>
Wed, 18 Oct 2017 05:28:43 +0000 (05:28 +0000)
committerReedy <reedy@wikimedia.org>
Wed, 15 Nov 2017 00:58:44 +0000 (00:58 +0000)
commitfea3bbcdae4f052f769ab466df6e1f5d47d1383c
tree8f9bdd66a8db7b20f3f6b0e13c5cee773e868d75tree | snapshot
parent52e76843e268180a6f7add00f1105c42bf6a4ee8commit | diff
SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so its probably not exploitable
(curl is an exception here), but nonetheless its not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
includes/exception/MWException.php diff | blob | history
includes/exception/MWExceptionRenderer.php diff | blob | history
Wiklou, le Wiki du Wiklou