author | sbassett <sbassett@wikimedia.org> | 2022-01-05 16:48:45 -0600 |
committer | sbassett <sbassett@wikimedia.org> | 2022-01-10 14:20:48 -0600 |
commit | 29d5d95eaf04d31edce34a762100c896cfdca5f5 (patch) | |
tree | ed87b9c9a5f8877a0d010e3f3ad9fcba331398f8 | |
parent | 38f6a54c1c44199b4c7d6470c61298661218929b (diff) |
SECURITY: properly escape output used within galleries and Special:RevisionDelete
* Sanitize $img->getDimensionsString() within TraditionalImageGallery.php
* Sanitize width, height, nbytes messages within RevDelFileItem.php
Bug: T297543
Change-Id: I586a052595ecdc976476d4330510750a59099648
-rw-r--r-- | includes/gallery/TraditionalImageGallery.php | 2 | ||||
-rw-r--r-- | includes/revisiondelete/RevDelFileItem.php | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/includes/gallery/TraditionalImageGallery.php b/includes/gallery/TraditionalImageGallery.php
index b5e155a1efac..9dc4579aa58d 100644
--- a/includes/gallery/TraditionalImageGallery.php
+++ b/includes/gallery/TraditionalImageGallery.php
@@ -214,7 +214,7 @@ class TraditionalImageGallery extends ImageGalleryBase {
 $meta = [];
 if ( $img ) {
 if ( $this->mShowDimensions ) {
- $meta[] = $img->getDimensionsString();
+ $meta[] = htmlspecialchars( $img->getDimensionsString() );
 }
 if ( $this->mShowBytes ) {
 $meta[] = htmlspecialchars( $lang->formatSize( $img->getSize() ) );
diff --git a/includes/revisiondelete/RevDelFileItem.php b/includes/revisiondelete/RevDelFileItem.php
index d4c1a013c7c4..851647a0629a 100644
--- a/includes/revisiondelete/RevDelFileItem.php
+++ b/includes/revisiondelete/RevDelFileItem.php
@@ -204,8 +204,10 @@ class RevDelFileItem extends RevDelItem {
 public function getHTML() {
 $data =
 $this->list->msg( 'widthheight' )->numParams(
- $this->file->getWidth(), $this->file->getHeight() )->text() .
- ' (' . $this->list->msg( 'nbytes' )->numParams( $this->file->getSize() )->text() . ')';
+ $this->file->getWidth(),
+ $this->file->getHeight() )->escaped() .
+ ' (' . $this->list->msg( 'nbytes' )->numParams(
+ $this->file->getSize() )->escaped() . ')';
 return '<li>' . $this->getLink() . ' ' .
 $this->getUserTools() . ' ' .
 $data . ' ' . $this->getComment() . '</li>'; |
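Review bot: The escaping added around `$img->getDimensionsString()` carries no hint of why it is needed, and the `$meta` array it feeds is emitted outside this hunk, so a later reader may take the value for a plain number and drop the call. A one-line comment on the added line would pin the intent, e.g. `// Presumably localised message text, not HTML: escape it before it is joined into the gallery markup`. The change is consistent with the `mShowBytes` branch directly below, which already wraps `formatSize()` in `htmlspecialchars()`. One caveat rather than a defect: `htmlspecialchars()` without explicit flags leaves single quotes alone on PHP before 8.1, which only matters if this text ever lands inside a single-quoted attribute; the surrounding context looks like element text. The enclosing method starts and ends outside the hunk.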
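Review bot: The new `$data` expression in `getHTML()` breaks its two chained message calls in awkward places — `$this->file->getHeight() )->escaped() .` puts the closing parenthesis of `numParams(` and the `->escaped()` call on one continuation line, and the `' ('`/`')'` wrapping is interleaved with the second call — which makes it hard to confirm at a glance that both values are escaped. Building the two escaped fragments into named locals and joining them afterwards keeps the escaping obvious and the wrapping separate; the rewrite below is behaviour-preserving. `getHTML()` opens in this hunk but its closing brace is outside it, and it declares no return type; a `: string` return type, or at least a `@return string` docblock, would state the HTML contract that `->escaped()` now upholds.
```php
	public function getHTML() {
		$dimensions = $this->list->msg( 'widthheight' )
			->numParams( $this->file->getWidth(), $this->file->getHeight() )
			->escaped();
		$size = $this->list->msg( 'nbytes' )
			->numParams( $this->file->getSize() )
			->escaped();
		$data = $dimensions . ' (' . $size . ')';
		// … unchanged: return '<li>' … '</li>'; …
```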