improving security in breadcrumbs by escaping double-quotes
authorMilos Dinic <milossh@bitbucket.org>
Fri, 10 Dec 2010 18:55:35 +0100
changeset 47 0ea76bac2c750d2ac1634affb968dbfb79991782
parent 46 d14219fa04beaca66f1c82e0289ea1d05a2dac48
child 48 ea48a071a9f134367648cce2eced685ccc107c5c
push id23
push userzbraniecki@mozilla.com
push dateFri, 10 Dec 2010 17:56:21 +0000
improving security in breadcrumbs by escaping double-quotes
mediawiki/skins/gmo.php
--- a/mediawiki/skins/gmo.php
+++ b/mediawiki/skins/gmo.php
@@ -207,23 +207,25 @@ class GMOTemplate extends QuickTemplate 
                                 } 
                             else {}
                         }
                         for ($i = 0; $i <= $key; $i++) {
                             if($i == $elements_count) { $url .= $pieces[$i]; }
                             else {$url .= $pieces[$i] . "/";}
                         }
                         $url = preg_replace('/ /', '_', $url);
+                        $url = htmlspecialchars($url, ENT_QUOTES);
+                        $label_output = htmlspecialchars($label, ENT_QUOTES);
                         if ($url != "" && $label != $last_piece) { /* don't put | sign after the last piece */
                             if(!array_search("action=", $moj_niz) && $last_piece != "Main_Page") {
-                                echo "<span class=\"breadcrumb-item\"> <a href=" . substr_replace($url ,"",-1) . ">" . $label . "</a> > </span>";
+                                echo "<span class=\"breadcrumb-item\"> <a href=\"" . substr_replace($url ,"",-1) . "\">" . $label_output . "</a> > </span>";
                             } else {}
                         } else {
                             if(!array_search("action=", $moj_niz)) {
-                                echo "<span class=\"breadcrumb-item\"> <a href=" . $url . ">" . $label . "</a></span>";
+                                echo "<span class=\"breadcrumb-item\"> <a href=\"" . $url . "\">" . $label_output . "</a></span>";
                             } else {}
                         }
                     }
                 ?>
                 </div>
                 <h3 id="siteSub"><?php $this->msg('tagline') ?></h3>
                 <div id="contentSub"><?php $this->html('subtitle') ?></div>
                 <?php if($this->data['undelete']) { ?><div id="contentSub2"><?php     $this->html('undelete') ?></div><?php } ?>
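Review bot: The added `htmlspecialchars($url, ENT_QUOTES)` on the first new line runs before `substr_replace($url, "", -1)` in the first echo, so the character stripped is the last byte of the already-encoded string; that is only safe because the loop above always leaves a literal trailing `/` in this branch, which nothing here states. Stripping before escaping removes the coupling: `$url = htmlspecialchars(substr_replace($url, "", -1), ENT_QUOTES, 'UTF-8');` in the first branch, or a comment on the echo such as `/* $url ends in "/" from the loop above; escaped chars are never last */`. Both new calls should also pass `'UTF-8'` explicitly, since htmlspecialchars defaults to ISO-8859-1 on the PHP 5.3 releases current for this commit and MediaWiki titles are UTF-8, which can turn multibyte labels into empty strings or mis-escaped output. Note this is HTML-attribute escaping only; it does not URL-encode the title pieces, so the breadcrumb href remains exactly what `preg_replace` produced apart from quotes and ampersands, which is fine for relative wiki paths but is worth a comment.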