Page MenuHomePhabricator
Create Task
Maniphest T39723

[SMW] 1.8; SMW_QP_List.php row results are not fully escaped which allows html tags
Closed, ResolvedPublic
Actions

Description

Problem

While testing r37721 we found that SMW_QP_List.php returns results that can contain html tags that distort the <ul>/<ol> embedded list.

Solution

For the <ul>/<ol> list to work properly, no other html tags should within within the result display therefore

SMW_QP_List.php

#line 226

  • $result .= $text; // actual output value

and instead sanitize and strip tags from results
+ $result .= Sanitizer::stripAllTags( $text );

Version: unspecified
Severity: normal

Details

Reference
bz37723

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:22 AM
bzimport added a project: MediaWiki-extensions-Semantic-MediaWiki.
bzimport set Reference to bz37723.
mwjames created this task.Jun 19 2012, 9:38 PM
Unknown Object (User) added a comment.Jun 19 2012, 9:40 PM

I'll fixed this later, ones r37721 is submitted.

Unknown Object (User) added a comment.Jun 19 2012, 9:43 PM

OK, it's late it is not the 37721 revision but the bug 37721

Unknown Object (User) added a comment.Jun 20 2012, 1:04 AM

See https://gerrit.wikimedia.org/r/#/c/12135/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL