On Thu, Mar 26, 2009 at 3:24 PM, Ilmari Karonen
<nospam(a)vyznev.net> wrote:
--- includes/CategoryPage.php (revision 48416)
+++ includes/CategoryPage.php (working copy)
@@ -189,7 +189,7 @@
*/
function addPage( $title, $sortkey, $pageLength, $isRedirect = false ) {
global $wgContLang;
- $titletext = $wgContLang->convert( $title->getPrefixedText() );
+ $titletext = $wgContLang->convert( $sortkey );
$this->articles[] = $isRedirect
? '<span class="redirect-in-category">' .
$this->getSkin()->makeKnownLinkObj( $title, $titletext ) . '</span>'
: $this->getSkin()->makeSizeLinkObj( $pageLength, $title,
$titletext );
It would be easy to make this depend on a config option, too. If anyone
else thinks that would be a good idea, I can commit it.
Doesn't this introduce a trivial XSS vulnerability?
Hmm, you're right, it does -- I didn't realize the title was used
unescaped. That looks uncomfortably close to an XSS vulnerability
anyway. I'd feel a lot more comfortable with a htmlspecialchars() in
there. (Didn't we use to allow "<" in titles not so very long ago?
Certainly the feature that disallows HTML entities in titles is fairly
recent.)
--
Ilmari Karonen