This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SECURITY: XSS when $wgPiwikTrackUsernames is true
With a specially-crafted username like 0'+(window.alert('You have been hacked'))+'0
the user receives the alert "You have been hacked". This commit escapes the
username.
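
The bug class described in this commit message, as an added example that is not the extension's own code. It assumes the username is written into a single-quoted string inside Piwik's `_paq.push(['setUserId', ...])` tracker call; the function names are hypothetical.

```javascript
// Constructed sample input: the username quoted in the commit message.
const CRAFTED = "0'+(window.alert('You have been hacked'))+'0";

// Vulnerable pattern (assumed): username pasted into a single-quoted JS literal.
function renderNaive(username) {
  return "_paq.push(['setUserId', '" + username + "']);";
}

// Hardened pattern: serialize the value as a JS string literal, then
// neutralize characters that matter inside an inline <script> element.
function renderEscaped(username) {
  const literal = JSON.stringify(String(username))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return "_paq.push(['setUserId', " + literal + "]);";
}

// Evaluate a generated snippet with stubbed _paq and window objects passed
// in as parameters, recording any alert() call instead of showing it.
function evaluate(snippet) {
  const alerts = [];
  const paq = [];
  const fakeWindow = { alert: (msg) => { alerts.push(msg); } };
  new Function('_paq', 'window', snippet)(paq, fakeWindow);
  return { alerts, userId: paq[0][1] };
}

const naive = evaluate(renderNaive(CRAFTED));
const fixed = evaluate(renderEscaped(CRAFTED));
console.log('naive  :', renderNaive(CRAFTED), '->', naive.alerts);
console.log('escaped:', renderEscaped(CRAFTED), '->', fixed.alerts);
```

In the naive rendering the quote characters in the username end the string literal, so the rest is parsed as an expression; in the escaped rendering the whole username arrives as data in the tracker call.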