From 91c859716339f9d1e1b33cfda49d29c8dfdb46b7 Mon Sep 17 00:00:00 2001
From: STran
Date: Mon, 1 Sep 2025 05:25:27 -0700
Subject: [PATCH] SECURITY: Escape XSS vector in UserInfoCard

What:
- Escape messages generated in CheckUserUserInfoCardService for groups (local and global) before they're returned to the front-end

Bug: T403289
Change-Id: Iacd0287259cb250ea7c32fbfc1365b89b263e576
---
 src/Services/CheckUserUserInfoCardService.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Services/CheckUserUserInfoCardService.php b/src/Services/CheckUserUserInfoCardService.php
index 8bb6c39f..0f555825 100644
--- a/src/Services/CheckUserUserInfoCardService.php
+++ b/src/Services/CheckUserUserInfoCardService.php
@@ -138,14 +138,14 @@ class CheckUserUserInfoCardService {
 		$groupMessages = [];
 		foreach ( $groups as $group ) {
 			if ( $this->messageLocalizer->msg( "group-$group" )->exists() ) {
-				$groupMessages[] = $this->messageLocalizer->msg( "group-$group" )->text();
+				$groupMessages[] = $this->messageLocalizer->msg( "group-$group" )->escaped();
 			}
 		}
 		$userInfo['groups'] = '';
 		if ( $groupMessages ) {
 			$userInfo['groups'] = $this->messageLocalizer->msg( 'checkuser-userinfocard-groups' )
 				->params( Message::listParam( $groupMessages, ListType::COMMA ) )
-				->text();
+				->parse();
 		}
 
 		if ( !isset( $userInfo['totalEditCount'] ) ) {
@@ -169,14 +169,14 @@ class CheckUserUserInfoCardService {
 		foreach ( $globalGroups as $group ) {
 			if ( $this->messageLocalizer->msg( "group-$group" )->exists() ) {
 				$globalGroupMessages[] = $this->messageLocalizer->msg( "group-$group" )
-					->text();
+					->escaped();
 			}
 		}
 		$userInfo['globalGroups'] = '';
 		if ( $globalGroupMessages ) {
 			$userInfo['globalGroups'] = $this->messageLocalizer->msg( 'checkuser-userinfocard-global-groups' )
 				->params( Message::listParam( $globalGroupMessages, ListType::COMMA ) )
-				->parse();
+				->parse();
 		}
 
 		if ( $centralAuthUser->isLocked() ) {
-- 
2.48.1
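Review bot: After this change `$userInfo['groups']` (first hunk) and `$userInfo['globalGroups']` (second hunk) hold HTML fragments from `->parse()` rather than the plain text the sibling fields still carry, and nothing in the hunk records that contract change for the consumer. If the front-end keeps treating these two keys as text and escapes them again, visible entities such as `&amp;` will appear; if it switches to raw insertion, it must do so only for these keys, so the assignment deserves an inline comment such as `// HTML: group names are pre-escaped and the list message is parsed; render raw, do not escape again` and the method's return documentation should name which keys are HTML and which are plain text. The enclosing method starts and ends outside both hunks, so the @return docblock itself is not visible here. As a minor point of style, each loop body calls `$this->messageLocalizer->msg( "group-$group" )` twice; hoisting it into a local `$groupMsg` before the `exists()` check avoids the duplicate lookup in both loops.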