Last modified: 2012-06-24 14:07:05 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T39723, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 37723 - [SMW] 1.8; SMW_QP_List.php row results are not fully escaped which allows html tags
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: Semantic MediaWiki
Version: unspecified
Hardware: All All
Importance: Unprioritized normal
Assigned To: MWJames
Depends on: 37721
Reported: 2012-06-19 21:38 UTC by MWJames
Modified: 2012-06-24 14:07 UTC (History)

Description MWJames 2012-06-19 21:38:37 UTC
## Problem 

While testing r37721 we found that SMW_QP_List.php returns results that can contain html tags that distort the <ul>/<ol> embedded list.

## Solution
For the <ul>/<ol> list to work properly, no other html tags should be within the result display, therefore

## SMW_QP_List.php

#line 226
-  $result .= $text; // actual output value

and instead sanitize and strip tags from results 
+  $result .= Sanitizer::stripAllTags( $text );
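Review bot: On the `+` line, Sanitizer::stripAllTags() returns plain text with character references decoded, not HTML-escaped text, so an entity-encoded tag in $text (for example `&lt;b&gt;`) comes back as a literal tag. If $result can be emitted as HTML, escape the stripped value before appending, e.g. `$result .= htmlspecialchars( Sanitizer::stripAllTags( $text ) );`. The replacement also drops the `// actual output value` comment from the removed line; keep it and note there that all markup in the value, links included, is removed on purpose.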
Comment 1 MWJames 2012-06-19 21:40:41 UTC
I'll fix this later, once r37721 is submitted.
Comment 2 MWJames 2012-06-19 21:43:30 UTC
OK, it's late; it is not the 37721 revision but bug 37721.
Comment 3 MWJames 2012-06-20 01:04:51 UTC
See https://gerrit.wikimedia.org/r/#/c/12135/
