From: Niklas Laxström
Date: Sat, 6 Dec 2014 11:02:14 +0000 (+0100)
Subject: Remove over/underescaping detected in Special:UserRights
X-Git-Tag: 1.31.0-rc.0~12849
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=8d71f214fb2cd0eea116c66c45009a276bd5be09

Remove over/underescaping detected in Special:UserRights

Bug: T31340
Change-Id: I99823cd56e0a6f501101cb85be832d2925ce9779
---
diff --git a/includes/User.php b/includes/User.php
index 34af4c5c5c..88004dce47 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -4471,7 +4471,7 @@ class User implements IDBAccessObject {
 if ( $title ) {
 return Linker::link( $title, htmlspecialchars( $text ) );
 } else {
- return $text;
+ return htmlspecialchars( $text );
 }
 }
diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index 3e9313cd17..892ff5bc95 100644
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
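Review bot: With `return htmlspecialchars( $text );` in the else branch of the includes/User.php hunk, both return paths now yield HTML, but nothing visible in the hunk records that contract. The method's signature and docblock are outside the hunk; if the docblock does not already say so, it should state that `$text` is taken as plain text and that the result is HTML, e.g. `@return string HTML: a link when a title exists, otherwise the escaped text`. Writing that down is what keeps a later caller from escaping the result a second time or passing pre-escaped text in.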
@@ -493,25 +493,32 @@ class UserrightsPage extends SpecialPage {
 }
 $language = $this->getLanguage();
- $displayedList = $this->msg( 'userrights-groupsmember-type',
- $language->listToText( $list ),
- $language->listToText( $membersList )
- )->plain();
- $displayedAutolist = $this->msg( 'userrights-groupsmember-type',
- $language->listToText( $autoList ),
- $language->listToText( $autoMembersList )
- )->plain();
+ $displayedList = $this->msg( 'userrights-groupsmember-type' )
+ ->rawParams(
+ $language->listToText( $list ),
+ $language->listToText( $membersList )
+ )->escaped();
+ $displayedAutolist = $this->msg( 'userrights-groupsmember-type' )
+ ->rawParams(
+ $language->listToText( $autoList ),
+ $language->listToText( $autoMembersList )
+ )->escaped();
 $grouplist = '';
 $count = count( $list );
 if ( $count > 0 ) {
- $grouplist = $this->msg( 'userrights-groupsmember', $count, $user->getName() )->parse();
+ $grouplist = $this->msg( 'userrights-groupsmember' )
+ ->numParams( $count )
+ ->params( $user->getName() )
+ ->parse();
 $grouplist = '

' . $grouplist . ' ' . $displayedList . "

\n";
 }
 $count = count( $autoList );
 if ( $count > 0 ) {
- $autogrouplistintro = $this->msg( 'userrights-groupsmember-auto', $count, $user->getName() )
+ $autogrouplistintro = $this->msg( 'userrights-groupsmember-auto' )
+ ->numParams( $count )
+ ->params( $user->getName() )
 ->parse();
 $grouplist .= '

' . $autogrouplistintro . ' ' . $displayedAutolist . "

\n";
 }
@@ -669,9 +676,9 @@ class UserrightsPage extends SpecialPage {
 $member = User::getGroupMember( $group, $user->getName() );
 if ( $checkbox['irreversible'] ) {
- $text = $this->msg( 'userrights-irreversible-marker', $member )->escaped();
+ $text = $this->msg( 'userrights-irreversible-marker', $member )->text();
 } else {
- $text = htmlspecialchars( $member );
+ $text = $member;
 }
 $checkboxHtml = Xml::checkLabel( $text, "wpGroup-" . $group, "wpGroup-" . $group, $checkbox['set'], $attr );
diff --git a/languages/Language.php b/languages/Language.php
index 93c186c5ed..c0de1b40ad 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -3406,10 +3406,10 @@ class Language {
 return '';
 }
 if ( $m > 0 ) {
- $and = $this->getMessageFromDB( 'and' );
- $space = $this->getMessageFromDB( 'word-separator' );
+ $and = htmlspecialchars( $this->getMessageFromDB( 'and' ) );
+ $space = htmlspecialchars( $this->getMessageFromDB( 'word-separator' ) );
 if ( $m > 1 ) {
- $comma = $this->getMessageFromDB( 'comma-separator' );
+ $comma = htmlspecialchars( $this->getMessageFromDB( 'comma-separator' ) );
 }
 }
 $s = $l[$m];
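Review bot: `rawParams()` in the `@@ -493` hunk of SpecialUserrights.php inserts the `listToText()` results into the message without escaping, so the output is safe only if every element of `$list`, `$membersList`, `$autoList` and `$autoMembersList` is already HTML. Those arrays are filled above the hunk, so this cannot be confirmed from here; a comment at the call would pin the requirement, e.g. `// List items are pre-built HTML; rawParams() must never receive plain text here`. The `@@ -669` hunk rests on a similar unstated contract in the other direction: `->text()` and the bare `$member` are correct only as long as `Xml::checkLabel()` escapes its label argument, which deserves a one-line comment next to `$text = $member;` as well.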
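Review bot: Escaping `and`, `word-separator` and `comma-separator` inside this Language method (presumably `listToText()`, given the calls in SpecialUserrights.php) changes its return value for every caller, not only Special:UserRights. The separators now come back HTML-escaped while the items of `$l` are still concatenated as given (`$s = $l[$m];`), so a caller that treats the result as plain text, or escapes it again, would presumably show entities wherever a localised separator contains `&`, `<`, `>` or `"`. A caller that prints the result as HTML also has to escape the items itself. The method starts and ends outside the hunk; its docblock should spell the contract out, e.g. `@return string HTML: separators are escaped, list items are inserted as given`, or the escaping could stay at the HTML call site so the method keeps returning text.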