F585299
diff --git a/includes/search/searchwidgets/FullSearchResultWidget.php b/includes/search/searchwidgets/FullSearchResultWidget.php
index 593ce8b20b5..ac8fbc0b5e0 100644
--- a/includes/search/searchwidgets/FullSearchResultWidget.php
+++ b/includes/search/searchwidgets/FullSearchResultWidget.php
@@ -11,6 +11,7 @@ use MediaWiki\HookContainer\HookRunner;
use MediaWiki\Html\Html;
use MediaWiki\Linker\LinkRenderer;
use MediaWiki\MainConfigNames;
+use MediaWiki\Parser\Sanitizer;
use MediaWiki\Search\Entity\SearchResultThumbnail;
use MediaWiki\Search\SearchResultThumbnailProvider;
use MediaWiki\Specials\SpecialSearch;
@@ -312,9 +313,14 @@ class FullSearchResultWidget implements SearchResultWidget {
return [ $html, null, $this->generateThumbnailHtml( $result ) ];
}
+ // File::getShortDesc() is documented to return HTML, but many handlers used to incorrectly
+ // return plain text (T395834), so sanitize it in case the same bug is present in extensions.
+ $unsafeShortDesc = $img->getShortDesc();
+ $shortDesc = Sanitizer::removeSomeTags( $unsafeShortDesc );
+
return [
$html,
- $this->specialPage->msg( 'parentheses' )->rawParams( $img->getShortDesc() )->escaped(),
+ $this->specialPage->msg( 'parentheses' )->rawParams( $shortDesc )->escaped(),
$this->generateThumbnailHtml( $result, $thumbnail )
];
}
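Review bot: The sanitising added before the final `return` protects only this widget, while the comment itself places the defect in what `File::getShortDesc()` implementations return. Any other caller that hands that value to `rawParams()` or raw HTML output would presumably still be exposed, so those call sites are worth auditing, or the `Sanitizer::removeSomeTags()` step could move into a shared helper. Within this hunk `$unsafeShortDesc` stays in scope after the sanitised copy is made; a comment such as `// Only $shortDesc may reach rawParams(); $unsafeShortDesc is handler-controlled and must never be output.` would keep a later edit from picking up the wrong variable. A regression test that sends a handler description containing markup through this path and asserts that the rendered cell is stripped or escaped would pin the behaviour. The enclosing method starts outside the hunk.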