Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Close the web page when it is disabled.

Browse source 
Fix XSS in filter parameter. Normal setups (with $wgEnableProfileInfo = false) are not affected.
This commit is contained in:
Platonides 2010-07-26 17:41:14 +00:00
parent 85f9ba1bf7
commit f3a89bb4d0
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
profileinfo.php
View file

@ -65,7 +65,8 @@ require_once( './includes/WebStart.php' );
<?php
if ( !$wgEnableProfileInfo ) {
echo "disabled\n";
echo "<p>Disabled</p>\n";
echo "</body></html>";
exit( 1 );
}
@ -251,8 +252,8 @@ function makeurl( $_filter = false, $_sort = false, $_expand = false ) {
if ( $_expand === false )
$_expand = $expand;
$nfilter = $_filter ? $_filter : $filter;
$nsort = $_sort ? $_sort : $sort;
$nfilter = $_filter ? htmlspecialchars( $_filter ) : htmlspecialchars( $filter );
$nsort = $_sort ? htmlspecialchars( $_sort ) : htmlspecialchars( $sort );
$exp = urlencode( implode( ',', array_keys( $_expand ) ) );
return "?filter=$nfilter&amp;sort=$nsort&amp;expand=$exp";
}