bryan.tongminh at gmail
Aug 22, 2008, 1:17 AM
Views: 326
Permalink
|
|
Re: [MediaWiki-CVS] SVN: [39799] trunk/phase3: Revert r39793 "* (bug 13879) Special:EmailUser shows a form [...]
|
|
On Fri, Aug 22, 2008 at 12:56 AM, <brion[at]svn.wikimedia.org> wrote:
> Revision: 39799
> Author: brion
> Date: 2008-08-21 22:56:45 +0000 (Thu, 21 Aug 2008)
>
> Log Message:
> -----------
> Revert r39793 "* (bug 13879) Special:EmailUser shows a form in case no user was specified" for the moment
> * Recipient name seems to be output raw into HTML form; this is insecure
There was an htmlspecialchars around it:
> - $recipient = $this->target instanceof User ?
> - htmlspecialchars( $this->target->getName() ) :
> - '';
> * We've lost the link to the target's user page in the primary use case (followed 'email this user' link)
You suggest that we only show the input box in case no target or an
invalid target is specified and else the current behaviour with a link
to the receipent?
Bryan
_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
|
Re: [MediaWiki-CVS] SVN: [39799] trunk/phase3: Revert r39793 "* (bug 13879) Special:EmailUser shows a form [...]
