Last modified: 2012-04-12 13:55:32 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T25755, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 23755 - ts_parseFloat() in wikibits.js leaks num into global scope


Summary:	ts_parseFloat() in wikibits.js leaks num into global scope

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	JavaScript (Other open bugs)
Version:	1.16.x
Hardware:	All All

Importance:	Normal minor (vote)
Target Milestone:	---
Assigned To:	Michael Dale

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2010-06-01 22:03 UTC by S Page
Modified:	2012-04-12 13:55 UTC (History)
CC List:	2 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description S Page 2010-06-01 22:03:31 UTC

I was trying to puzzle out table-sorting on Wikipedia using Firebug, and I noticed that ts_parseFloat() in wikibits.js assigns a value to num:

 num = parseFloat( s.replace(/[, ]/g, '').replace("\u2212", '-') );

Because there's no var or let, this adds num to the global scope -- before this line is reached, this.num is undefined, afterwards this.num has a value for all JavaScript.  A fix might be to use the existing local var newNum instead of num here.

I'm no JavaScript wizard, so I apologize if this is intentional.
There are several other variables that were probably intended to be local that get added to this. scope according to Firebug (this.i, etc.)

Comment 1 Derk-Jan Hartman 2010-06-01 23:18:32 UTC

Fixed in r67202

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links