authorTim Starling <tstarling@users.mediawiki.org>2009-07-13 17:13:27 +0000
committerTim Starling <tstarling@users.mediawiki.org>2009-07-13 17:13:27 +0000
commit6a30017acfec48e1225667f83ea3e0fa8bc78f3a (patch)
treebc7c5475c1e6836285f692a91629d3fb0cb23350
parent46c519ae9792979f9bf3494341acbe35b7bbf596 (diff)
Backported r53159 to 1.14 and 1.15 (tag: 1.15.1)
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/53180
-rw-r--r--RELEASE-NOTES1
-rw-r--r--includes/specials/SpecialBlockip.php2
2 files changed, 2 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 955735bb7765..903d0d8102e4 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -26,6 +26,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
ForeignAPIRepo.
* Fixed the "change password" link on Special:Preferences to have the correct
returnto parameter.
+* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
=== Changes since 1.15.0rc1 ===
diff --git a/includes/specials/SpecialBlockip.php b/includes/specials/SpecialBlockip.php
index 0efaedf17b97..f002e5708b50 100644
--- a/includes/specials/SpecialBlockip.php
+++ b/includes/specials/SpecialBlockip.php
@@ -632,7 +632,7 @@ class IPBlockForm {
*/
private function getContribsLink( $skin ) {
$contribsPage = SpecialPage::getTitleFor( 'Contributions', $this->BlockAddress );
- return $skin->link( $contribsPage, wfMsgHtml( 'ipb-blocklist-contribs', $this->BlockAddress ) );
+ return $skin->link( $contribsPage, wfMsgExt( 'ipb-blocklist-contribs', 'escape', $this->BlockAddress ) );
}
/**
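Review bot: The changed return in getContribsLink has no comment saying why it calls `wfMsgExt( ..., 'escape', ... )` instead of `wfMsgHtml`, so a later cleanup could swap it back without noticing the difference. As far as I know, wfMsgHtml escapes the message text and substitutes parameters afterwards, so `$this->BlockAddress` reached the link text unescaped, and `$skin->link()` appears to treat its second argument as ready-made HTML. I would add `// 'escape' runs after parameter substitution; BlockAddress is request-derived and link() expects HTML text` above the return. Any other wfMsgHtml call in this file that passes `$this->BlockAddress` as a parameter is outside the hunk and should get the same check, ideally with a test that loads Special:Block with markup in the target and asserts it comes back entity-encoded. The function's docblock begins before the hunk.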