Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/parser
History
Brian Wolff e2a6fe5711 SECURITY: XSS in unclosed internal links 
rawurldecode was being run on unclosed internal links
which could allow an attacker to insert arbitrary
html into the page.

See also related: r13302

Bug: T137264
Change-Id: I4e112a9e918df9fe78b62c311939239b483a21f5
2016-08-23 03:39:36 +00:00
..
BlockLevelPass.php BlockLevelPass: minor changes due to initial code review 2016-05-06 14:42:58 +10:00
CacheTime.php Deprecate Parser::disableCache 2016-06-18 19:55:43 +00:00
CoreParserFunctions.php Merge "Show ParserOutput warning instead of on the actual page output for ignored display titles" 2016-06-02 21:23:04 +00:00
CoreTagHooks.php Fix various phpcs error from last security patches 2016-05-20 20:20:36 +02:00
DateFormatter.php Convert all array() syntax to [] 2016-02-17 01:33:00 -08:00
LinkHolderArray.php Move Linker::getLinkColour() into LinkRenderer 2016-05-27 09:18:09 -07:00
MWTidy.php Add/update doc blocks for MWTidy 2016-07-29 01:24:34 +01:00
Parser.php SECURITY: XSS in unclosed internal links 2016-08-23 03:39:36 +00:00
ParserCache.php Merge "ParserCache: Don't try to save to nothing if disabled" 2016-05-03 01:59:57 +00:00
ParserDiffTest.php Convert all array() syntax to [] 2016-02-17 01:33:00 -08:00
ParserOptions.php Try to predict the rev_id when preparing edits 2016-06-29 05:39:33 -07:00
ParserOutput.php Move NewPP limit report HTML comments to JS variables 2016-07-26 11:31:20 -07:00
Preprocessor.php Fix @param and @return types on all PPFrame::getArgument methods 2016-03-29 06:12:18 +00:00
Preprocessor_DOM.php Remove all assert() calls with string parameters 2016-08-15 23:11:18 +00:00
Preprocessor_Hash.php Remove all assert() calls with string parameters 2016-08-15 23:11:18 +00:00
StripState.php Require strip marker names to not have & ' " < or > in them 2016-04-26 13:53:26 -04:00