Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/search
History
Brian Wolff d4385537bc SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true; 
In the non-default configuration where $wgAdvancedSearchHighlighting
is set to true, there is an XSS vulnerability as HTML tags are
not properly escaped if the tag spans multiple search results

Issue introduced in abf726ea0 (MediaWiki 1.13 and above).

Bug: T144845
Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
2017-04-06 13:42:44 -07:00
..
AugmentPageProps.php Infrastructure for augmenting search results 2016-09-15 15:44:03 -07:00
DummySearchIndexFieldDefinition.php Fix two instances of calling function with too few args 2016-12-15 13:24:40 -08:00
NullIndexField.php Create API to allow content handlers to handle structured data definitions 2016-07-06 13:41:20 -07:00
ParserOutputSearchDataExtractor.php Extract ParserOutput search index data fields from WikiTextContentHandler 2016-08-19 09:26:17 -04:00
PerRowAugmentor.php Infrastructure for augmenting search results 2016-09-15 15:44:03 -07:00
ResultAugmentor.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
ResultSetAugmentor.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
SearchDatabase.php Move IDatabase/IMaintainableDatabase to Rdbms namespace 2017-03-28 15:32:38 -07:00
SearchEngine.php Add deleted archive titles search 2017-04-05 12:02:35 -07:00
SearchEngineConfig.php Move wgContLang from config to injectable 2016-04-27 11:55:17 -07:00
SearchEngineFactory.php Move IDatabase/IMaintainableDatabase to Rdbms namespace 2017-03-28 15:32:38 -07:00
SearchExactMatchRescorer.php Fix Undefined index: 0 in SearchExactMatchRescorer.php on line 44 2016-03-31 16:26:37 +02:00
SearchHighlighter.php SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true; 2017-04-06 13:42:44 -07:00
SearchIndexField.php Add new type SearchIndexField::INDEX_TYPE_SHORT_TEXT 2016-09-26 12:50:23 +02:00
SearchIndexFieldDefinition.php Allow fields to define their own merge strategy via callback. 2017-03-07 10:36:53 -08:00
SearchMssql.php Replace uses of join() by implode() 2016-03-08 18:24:16 +00:00
SearchMySQL.php Rename DB_SLAVE constant to DB_REPLICA 2016-09-05 22:55:53 -07:00
SearchNearMatcher.php Move wgContLang from config to injectable 2016-04-27 11:55:17 -07:00
SearchNearMatchResultSet.php Infrastructure for augmenting search results 2016-09-15 15:44:03 -07:00
SearchOracle.php Convert all array() syntax to [] 2016-02-17 01:33:00 -08:00
SearchPostgres.php Remove empty lines at end of functions 2016-11-05 11:55:10 +01:00
SearchResult.php Infrastructure for augmenting search results 2016-09-15 15:44:03 -07:00
SearchResultSet.php Infrastructure for augmenting search results 2016-09-15 15:44:03 -07:00
SearchSqlite.php Convert all array() syntax to [] 2016-02-17 01:33:00 -08:00
SearchSuggestion.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
SearchSuggestionSet.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
SqlSearchResultSet.php Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00