diff options
| author | River Tarnell <kateturner@users.mediawiki.org> | 2004-10-14 07:29:38 +0000 |
|---|---|---|
| committer | River Tarnell <kateturner@users.mediawiki.org> | 2004-10-14 07:29:38 +0000 |
| commit | 69ba56aa9e679b0fc236d1403fb56c8028b521ec (patch) | |
| tree | 03f277faae659396ea9e11f918c5063e381290b4 /includes/SpecialMovepage.php | |
| parent | 6a753c3cd7f134dcc601cc5f29276e12d4c70030 (diff) | |
| download | mediawikicore-69ba56aa9e679b0fc236d1403fb56c8028b521ec.tar.gz mediawikicore-69ba56aa9e679b0fc236d1403fb56c8028b521ec.zip | |
fix xss attack if wgRawHtml is enabled
Notes
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/5909
Diffstat (limited to 'includes/SpecialMovepage.php')
| -rw-r--r-- | includes/SpecialMovepage.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/includes/SpecialMovepage.php b/includes/SpecialMovepage.php index ebbd79db2a26..dbba17db2a76 100644 --- a/includes/SpecialMovepage.php +++ b/includes/SpecialMovepage.php @@ -209,7 +209,10 @@ class MovePageForm { $talkmoved = $wgRequest->getVal('talkmoved'); $text = wfMsg( 'pagemovedtext', $oldtitle, $newtitle ); + $marchingantofdoom = $wgRawHtml; + $wgRawHtml = false; $wgOut->addWikiText( $text ); + $wgRawHtml = $marchingantofdoom; if ( $talkmoved == 1 ) { $wgOut->addHTML( "\n<p>" . wfMsg( 'talkpagemoved' ) . "</p>\n" ); |