Merge pull request from GHSA-4jr2-jhfm-2r84

* Fix numerous XSS vulnerabilities See security advisory * Fix XSS on the namespace subpage
miraheze · Feb 9, 2024 · 886cc6b · 886cc6b
1 parent 0a3417c
commit 886cc6b
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/includes/FormFactory/ManageWikiFormFactoryBuilder.php b/includes/FormFactory/ManageWikiFormFactoryBuilder.php
@@ -276,8 +276,8 @@ private static function buildDescriptorExtensions(
 			$mwRequirements = $ext['requires'] ? ManageWikiRequirements::process( $ext['requires'], $extList, false, $wiki ) : true;
 
 			$help = [];
-			$conflictLabel = wfMessage( 'managewiki-conflicts' )->text();
-			$requiresLabel = wfMessage( 'managewiki-requires' )->text();
+			$conflictLabel = wfMessage( 'managewiki-conflicts' )->escaped();
+			$requiresLabel = wfMessage( 'managewiki-requires' )->escaped();
 
 			if ( $ext['conflicts'] ) {
 				$help[] = "{$conflictLabel} {$ext['conflicts']}<br/>";
@@ -380,7 +380,7 @@ private static function buildDescriptorSettings(
 				$help = ( $msgHelp->exists() ) ? $msgHelp->escaped() : $set['help'];
 				if ( $set['requires'] ) {
 					$requires = [];
-					$requiresLabel = wfMessage( 'managewiki-requires' )->text();
+					$requiresLabel = wfMessage( 'managewiki-requires' )->escaped();
 
 					foreach ( $set['requires'] as $require => $data ) {
 						if ( is_array( $data ) ) {
@@ -525,10 +525,10 @@ private static function buildDescriptorNamespaces(
 
 					$configs = ManageWikiTypes::process( $config, $disabled, false, 'namespaces', $a, $namespaceData['additional'][$key] ?? null, false, $a['overridedefault'], $a['type'] );
 
-					$help = ( $msgHelp->exists() ) ? $msgHelp->text() : $a['help'];
+					$help = ( $msgHelp->exists() ) ? $msgHelp->escaped() : $a['help'];
 					if ( $a['requires'] ) {
 						$requires = [];
-						$requiresLabel = wfMessage( 'managewiki-requires' )->text();
+						$requiresLabel = wfMessage( 'managewiki-requires' )->escaped();
 
 						foreach ( $a['requires'] as $require => $data ) {
 							if ( is_array( $data ) ) {
@@ -660,7 +660,7 @@ private static function buildDescriptorPermissions(
 			$formDescriptor["right-{$perm}"] = [
 				'type' => 'check',
 				'label' => $perm,
-				'help' => User::getRightDescription( $perm ),
+				'help' => htmlspecialchars( User::getRightDescription( $perm ) ),
 				'section' => ( $assigned ) ? 'assigned' : 'unassigned',
 				'default' => $assigned,
 				'disabled' => !$ceMW