Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SECURITY: API: Escape i18n messages in action=feedcontributions

Browse source 
CVE-2025-6591

This is the same issue as CVE-2025-32072 (T386175), except in the
API's feedcontributions module. Escape the "Contributions" and
"colon-separator" messages so administrators cannot inject HTML
into them, triggering a potential XSS in feed readers.

Bug: T392276
Change-Id: Ic590a0d0cfc0a4a1e61859ecc57a175a8f5ec098
This commit is contained in:
Kunal Mehta 2025-04-17 22:31:34 -04:00 committed by Reedy
parent da8d30e0c6
commit 4b59ce1f25
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
includes/api/ApiFeedContributions.php
View file

@ -111,7 +111,7 @@ class ApiFeedContributions extends ApiBase {
$this->dieWithError( 'apierror-sizediffdisabled' );
}
$msg = $this->msg( 'Contributions' )->inContentLanguage()->text();
$msg = $this->msg( 'Contributions' )->inContentLanguage()->escaped();
$feedTitle = $config->get( MainConfigNames::Sitename ) . ' - ' . $msg .
' [' . $config->get( MainConfigNames::LanguageCode ) . ']';
@ -125,7 +125,7 @@ class ApiFeedContributions extends ApiBase {
$feed = new $feedClasses[$params['feedformat']] (
$feedTitle,
htmlspecialchars( $msg ),
$msg,
$feedUrl
);
@ -235,7 +235,7 @@ class ApiFeedContributions extends ApiBase {
* @return string
*/
protected function feedItemDesc( RevisionRecord $revision ) {
$msg = $this->msg( 'colon-separator' )->inContentLanguage()->text();
$msg = $this->msg( 'colon-separator' )->inContentLanguage()->escaped();
try {
$content = $revision->getContent( SlotRecord::MAIN );
} catch ( RevisionAccessException $e ) {