Last modified: 2010-04-02 07:09:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T25024, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 23024 - Special:ListFiles doesn't escape filenames
Special:ListFiles doesn't escape filenames
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Special pages (Other open bugs)
1.16.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-01 21:34 UTC by Lee Worden
Modified: 2010-04-02 07:09 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
patch for includes/specials/SpecialListfiles.php (691 bytes, patch)
2010-04-01 21:34 UTC, Lee Worden 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Lee Worden 2010-04-01 21:34:50 UTC 
Created attachment 7257 [details]
patch for includes/specials/SpecialListfiles.php

If the wiki includes an uploaded file whose name includes, say, '&', the output of Special:ListFiles fails to parse when output as XHTML.  This is because it outputs the filename without passing through htmlspecialchars.
Comment 1 Bawolff (Brian Wolff) 2010-04-02 01:21:25 UTC 
Added keywords patch, needs-review
Comment 2 Alexandre Emsenhuber [IAlex] 2010-04-02 07:09:38 UTC 
Fixed in r64516.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links