SECURITY: Do not allow user scripts on Special:PasswordReset
authorAmir Sarabadani <Ladsgroup@gmail.com>
Sat, 7 Dec 2019 22:36:42 +0000 (23:36 +0100)
committerSBassett <sbassett@wikimedia.org>
Mon, 9 Dec 2019 22:50:04 +0000 (22:50 +0000)
Bug: T192134
Change-Id: If5e91452f2e569476626bcf650ba4efaa122952c

includes/specials/SpecialPasswordReset.php

index c1d30ee..63490e4 100644 (file)
@@ -74,6 +74,15 @@ class SpecialPasswordReset extends FormSpecialPage {
                parent::checkExecutePermissions( $user );
        }
 
+       /**
+        * @param string $par
+        */
+       public function execute( $par ) {
+               $out = $this->getOutput();
+               $out->disallowUserJs();
+               parent::execute( $par );
+       }
+
        protected function getFormFields() {
                $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
                $a = [];
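Review bot: The docblock on the new `execute()` carries only `@param string $par` and does not say why user scripts are turned off, so the `disallowUserJs()` call reads like incidental setup that a later cleanup of this override could drop. I would state the intent on the call itself, for example `// Security (T192134): no user-supplied JS on the password reset form; keep this before parent::execute()`. Since special pages can be executed without a subpage, `@param string|null $par` is the more accurate type. No regression test is visible in this view. If the commit has none, an assertion that the page's output rejects user-origin scripts after `execute()` would keep the restriction from being lost silently.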