* Convert a DB-encoded expiry into a real string that humans can read.
*
* @param $encoded_expiry String: Database encoded expiry time
- * @return String
+ * @return Html-escaped String
*/
public static function formatExpiry( $encoded_expiry ) {
static $msg = null;
$expirystr = $msg['infiniteblock'];
} else {
global $wgLang;
- $expiretimestr = $wgLang->timeanddate( $expiry, true );
- $expirystr = wfMsgReplaceArgs( $msg['expiringblock'], array($expiretimestr) );
+ $expiredatestr = htmlspecialchars($wgLang->date( $expiry, true ));
+ $expiretimestr = htmlspecialchars($wgLang->time( $expiry, true ));
+ $expirystr = wfMsgReplaceArgs( $msg['expiringblock'], array( $expiredatestr, $expiretimestr ) );
}
return $expirystr;
}