diff options
Diffstat (limited to 'resources')
-rw-r--r-- | resources/Resources.php | 6 | ||||
-rw-r--r-- | resources/mediawiki.page/mediawiki.page.image.pagination.js | 11 |
2 files changed, 15 insertions, 2 deletions
diff --git a/resources/Resources.php b/resources/Resources.php index 06120008..3b06e1be 100644 --- a/resources/Resources.php +++ b/resources/Resources.php @@ -981,7 +981,11 @@ return array( ), 'mediawiki.page.image.pagination' => array( 'scripts' => 'resources/mediawiki.page/mediawiki.page.image.pagination.js', - 'dependencies' => array( 'jquery.spinner' ) + 'dependencies' => array( + 'mediawiki.Uri', + 'mediawiki.util', + 'jquery.spinner', + ) ), /* MediaWiki Special pages */ diff --git a/resources/mediawiki.page/mediawiki.page.image.pagination.js b/resources/mediawiki.page/mediawiki.page.image.pagination.js index fb44a76f..11ed0ae4 100644 --- a/resources/mediawiki.page/mediawiki.page.image.pagination.js +++ b/resources/mediawiki.page/mediawiki.page.image.pagination.js @@ -31,7 +31,16 @@ function ajaxifyPageNavigation() { // Intercept the default action of the links in the thumbnail navigation $( '.multipageimagenavbox' ).one( 'click', 'a', function ( e ) { - loadPage( this.href ); + var page, uri; + + // Generate the same URL on client side as the one generated in ImagePage::openShowImage. + // We avoid using the URL in the link directly since it could have been manipulated (bug 66608) + page = Number( mw.util.getParamValue( 'page', this.href ) ); + uri = new mw.Uri( mw.util.wikiScript() ) + .extend( { title: mw.config.get( 'wgPageName' ), page: page } ) + .toString(); + + loadPage( uri ); e.preventDefault(); } ); |