author | jenkins-bot <jenkins-bot@gerrit.wikimedia.org> | 2022-01-10 21:02:29 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@wikimedia.org> | 2022-01-10 21:02:29 +0000 |
commit | 1351452097e42e278ad8a1d48f0bd06562d6a8f8 (patch) | |
tree | a1f588a3d74a2bf4b1c9114e039a82d391a4ddba | |
parent | 057d6f43923a9b71d9b0f60e4b34c907baf16a5d (diff) | |
parent | 29d5d95eaf04d31edce34a762100c896cfdca5f5 (diff) |
Merge "SECURITY: properly escape output used within galleries and Special:RevisionDelete"
-rw-r--r-- | includes/gallery/TraditionalImageGallery.php | 2 | ||||
-rw-r--r-- | includes/revisiondelete/RevDelFileItem.php | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/includes/gallery/TraditionalImageGallery.php b/includes/gallery/TraditionalImageGallery.php
index b5e155a1efac..9dc4579aa58d 100644
--- a/includes/gallery/TraditionalImageGallery.php
+++ b/includes/gallery/TraditionalImageGallery.php
@@ -214,7 +214,7 @@ class TraditionalImageGallery extends ImageGalleryBase {
 $meta = [];
 if ( $img ) {
 if ( $this->mShowDimensions ) {
- $meta[] = $img->getDimensionsString();
+ $meta[] = htmlspecialchars( $img->getDimensionsString() );
 }
 if ( $this->mShowBytes ) {
 $meta[] = htmlspecialchars( $lang->formatSize( $img->getSize() ) );
diff --git a/includes/revisiondelete/RevDelFileItem.php b/includes/revisiondelete/RevDelFileItem.php
index d4c1a013c7c4..851647a0629a 100644
--- a/includes/revisiondelete/RevDelFileItem.php
+++ b/includes/revisiondelete/RevDelFileItem.php
@@ -204,8 +204,10 @@ class RevDelFileItem extends RevDelItem {
 public function getHTML() {
 $data = $this->list->msg( 'widthheight' )->numParams(
- $this->file->getWidth(), $this->file->getHeight() )->text() .
- ' (' . $this->list->msg( 'nbytes' )->numParams( $this->file->getSize() )->text() . ')';
+ $this->file->getWidth(),
+ $this->file->getHeight() )->escaped() .
+ ' (' . $this->list->msg( 'nbytes' )->numParams(
+ $this->file->getSize() )->escaped() . ')';
 return '<li>' . $this->getLink() . ' ' . $this->getUserTools() . ' ' . $data . ' ' . $this->getComment() . '</li>'; |
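Review bot: In the TraditionalImageGallery.php hunk, nothing at the `mShowDimensions` branch records why `getDimensionsString()` has to be escaped, so a later refactor could drop the call again without anyone noticing. A one-line comment such as `// getDimensionsString() returns plain text, not HTML; escape it before it joins the gallery markup` would pin the contract, and a regression test that renders a gallery with dimensions shown and asserts escaped output would guard it. The `mShowBytes` branch visible below already escapes its value; any other `$meta[]` additions lie outside the hunk and cannot be checked from here, since the enclosing method starts and ends outside it.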
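Review bot: In the RevDelFileItem.php hunk, `getHTML()` still concatenates `$this->getLink()`, `$this->getUserTools()` and `$this->getComment()` into the `<li>` as-is, so the result is only safe if each of those helpers returns already-escaped HTML, which cannot be confirmed from the visible lines. No docblock is visible on the method; adding `/** @return string HTML; every concatenated part must already be escaped */` would state that contract next to the new `->escaped()` calls. Other `RevDelItem` subclasses that build the same width/height and size string with `->text()`, if any exist, would need the same change. The closing brace of `getHTML()` is outside the hunk.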