SECURITY: Escape rawElement $content

CVE-2025-61636

Bug: T394396
Change-Id: I1ed54e4f063ec10d412c0db95b1bfed4a084b1d4
Dayllan Maza 2025-05-16 11:54:07 -04:00 committed by Reedy
parent 7c233a1670
commit 596c2615de


@ -121,7 +121,7 @@ class HTMLButtonField extends HTMLFormField {
public function getInputCodex( $value, $hasErrors ) {
$flags = $this->mFlags;
$buttonLabel = $this->buttonLabel ?: htmlspecialchars( $this->getDefault() );
$buttonLabel = $this->buttonLabel ?: $this->getDefault();
$buttonClasses = [ 'mw-htmlform-submit', 'cdx-button', $this->mClass ];
$buttonAttribs = [
'class' => $buttonClasses,
@ -132,6 +132,8 @@ class HTMLButtonField extends HTMLFormField {
'formnovalidate' => $this->mFormnovalidate,
] + $this->getAttributes( [ 'disabled', 'tabindex' ] );
// T394396 - Needs revisiting. Merged with suppress to match sec release.
// @phan-suppress-next-line SecurityCheck-DoubleEscaped
return static::buildCodexComponent(
$flags,
$buttonLabel,
@ -170,7 +172,7 @@ class HTMLButtonField extends HTMLFormField {
$attribs['class'] = $buttonClassesAndFlags;
$buttonHtml = Html::rawElement(
'button', $attribs, $buttonLabel
'button', $attribs, htmlspecialchars( $buttonLabel )
);
return $buttonHtml;
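Review bot: The `@phan-suppress-next-line SecurityCheck-DoubleEscaped` in the second hunk and the `htmlspecialchars( $buttonLabel )` handed to `Html::rawElement` in the third silence the ambiguity rather than resolve it: the removed line escaped only `getDefault()`, which suggests `$this->buttonLabel` was already HTML, so a caller that set it to markup now gets that markup rendered as literal text, while `buildCodexComponent` now receives the label unescaped and whatever escaping it does is outside this view. For the non-Codex path, passing an already-escaped string to `Html::rawElement` is what `Html::element` does for you, and that form is self-evidently safe to the SecurityCheck plugin without a suppression: `return Html::element( 'button', $attribs, $buttonLabel );`. The "Needs revisiting" comment should name the actual follow-up rather than defer it, e.g. `// T394396: $this->buttonLabel may already be HTML; fix its type (text vs. HTML) at construction so it is escaped exactly once on both paths.` Note also that `?:` on the new label line treats a label of `'0'` as unset and falls back to the default, which `??`/`!== null` would not. Both methods continue outside their hunks, and the constructor that assigns `$this->buttonLabel` is not in view.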