# HG changeset patch # User Dan Fuhry # Date 1277737251 14400 # Node ID 4fb4b6647e963c770cfc2a50c8d98412bd0a2fde # Parent 59fee40b4644c460d3f3954efa63971fccf16b49 SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! diff -r 59fee40b4644 -r 4fb4b6647e96 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Mon Dec 28 16:52:41 2009 -0500 +++ b/plugins/SpecialUserFuncs.php Mon Jun 28 11:00:51 2010 -0400 @@ -929,15 +929,15 @@ foreach($template->theme_list as $t) { if($t['enabled']) { - echo ''; + echo '>'.htmlspecialchars($t['theme_name']).''; } } ?>

-

+

-

- +

+