golem
/
MinervaNeue
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Create $returntoquery variable properly 

The $returntoquery variable is created only when request wasn't
posted, but the variable can be accessed on POSTed request.
To fix that issue we need to always define $returntoquery as
an empty array. This is done in order to prevent leak of
any sensitive data sent by POST request.

The sample error from fatalmonitor:
Undefined variable: returntoquery in
skins/MinervaNeue/includes/skins/SkinMinerva.php on line 701

Bug: T205449
Change-Id: I20e5955ddcb99c110a3dc03fb3b56c1904601453
This commit is contained in:
Piotr Miazga 2018-09-25 17:52:08 +02:00
parent 8c587c58c9
commit 71cbed60fb
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/skins/SkinMinerva.php
View File

@ -661,6 +661,8 @@ class SkinMinerva extends SkinTemplate {
*/
protected function insertLogInOutMenuItem( MenuBuilder $menu ) {
$query = [];
$returntoquery = [];
if ( !$this->getRequest()->wasPosted() ) {
$returntoquery = $this->getRequest()->getValues();
unset( $returntoquery['title'] );