Merge commit 'b88ab'

author: Luke Shumaker <lukeshu@sbcglobal.net> 2015-02-25 23:38:25 -0500
committer: Luke Shumaker <lukeshu@sbcglobal.net> 2015-02-25 23:38:25 -0500
commit: b0e5922cdadff2b394100dc8977bc2d526c04595 (patch)
tree: f1c19b1aaf0988cdef72f978b9f16c5d631d3727 /resources/mediawiki.page/mediawiki.page.image.pagination.js
parent: ad2b9dc3e492af9d550532817f34f865a97a8f63 (diff)
parent: b88ab0086858470dd1f644e64cb4e4f62bb2be9b (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/resources/mediawiki.page/mediawiki.page.image.pagination.js b/resources/mediawiki.page/mediawiki.page.image.pagination.js
index fb44a76f..11ed0ae4 100644
--- a/resources/mediawiki.page/mediawiki.page.image.pagination.js
+++ b/resources/mediawiki.page/mediawiki.page.image.pagination.js
@@ -31,7 +31,16 @@
 	function ajaxifyPageNavigation() {
 		// Intercept the default action of the links in the thumbnail navigation
 		$( '.multipageimagenavbox' ).one( 'click', 'a', function ( e ) {
-			loadPage( this.href );
+			var page, uri;
+
+			// Generate the same URL on client side as the one generated in ImagePage::openShowImage.
+			// We avoid using the URL in the link directly since it could have been manipulated (bug 66608)
+			page = Number( mw.util.getParamValue( 'page', this.href ) );
+			uri = new mw.Uri( mw.util.wikiScript() )
+				.extend( { title: mw.config.get( 'wgPageName' ), page: page } )
+				.toString();
+
+			loadPage( uri );
 			e.preventDefault();
 		} );
author	Luke Shumaker <lukeshu@sbcglobal.net>	2015-02-25 23:38:25 -0500
committer	Luke Shumaker <lukeshu@sbcglobal.net>	2015-02-25 23:38:25 -0500
commit	b0e5922cdadff2b394100dc8977bc2d526c04595 (patch)
tree	f1c19b1aaf0988cdef72f978b9f16c5d631d3727 /resources/mediawiki.page/mediawiki.page.image.pagination.js
parent	ad2b9dc3e492af9d550532817f34f865a97a8f63 (diff)
parent	b88ab0086858470dd1f644e64cb4e4f62bb2be9b (diff)