1. 24 Nov, 2017 1 commit
  2. 23 Nov, 2017 5 commits
  3. 21 Nov, 2017 1 commit
    • Jack Phoenix's avatar
      SECURITY: Fix potential XSS vectors · 939ee9b8
      Jack Phoenix authored
      Since $title (actually a Title object, which is converted magically to a
      string here due to Title::__toString()) can be used supplied, it needs to
      be escaped before being output to avoid $title from being something like
      Foo " onmouseover="alert('xss') or somesuch.
      
      Furthermore changed the output format of [[MediaWiki:Liberty-facebook]]
      and [[MediaWiki:Liberty-twitter]] messages to ->escaped() so that admins
      cannot do nasty things by adding a " to one or both of the aforementioned
      MediaWiki: pages (thanks bawolff!).
      939ee9b8
  4. 17 Nov, 2017 2 commits
  5. 14 Oct, 2017 2 commits
  6. 04 Oct, 2017 1 commit
  7. 29 Sep, 2017 1 commit
  8. 05 Aug, 2017 13 commits
  9. 28 Jul, 2017 1 commit
  10. 03 Jun, 2017 1 commit
  11. 02 Jun, 2017 2 commits
  12. 31 May, 2017 2 commits
  13. 30 May, 2017 4 commits
  14. 29 May, 2017 4 commits