fixed potential XSS vulnerability
authorTim Starling <tstarling@users.mediawiki.org>
Sat, 14 May 2005 05:42:29 +0000 (05:42 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Sat, 14 May 2005 05:42:29 +0000 (05:42 +0000)
includes/MessageCache.php

index 8af4484..6d4b788 100755 (executable)
@@ -234,7 +234,7 @@ class MessageCache
                }
                # If uninitialised, someone is trying to call this halfway through Setup.php
                if( !$this->mInitialised ) {
-                       return "&lt;$key&gt;";
+                       return '&lt;' . htmlspecialchars($key) . '&gt;';
                }
                # If cache initialization was deferred, start it now.
                if( $this->mDeferred ) {
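Review bot: `htmlspecialchars($key)` in the uninitialised branch relies on the default quote style, which leaves single quotes unescaped, so the placeholder is safe in element content and double-quoted attributes but not in a single-quoted attribute. Whether any caller puts the result in such a context is not visible from this hunk, so passing the flag explicitly is the safer choice: `return '&lt;' . htmlspecialchars( $key, ENT_QUOTES ) . '&gt;';`. The same applies to the final-fallback return in the second hunk. Because the expression is now duplicated, a small private helper that builds the escaped placeholder would keep the two sites from drifting apart. The enclosing method starts and ends outside the hunk.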
@@ -277,7 +277,7 @@ class MessageCache
                
                # Final fallback
                if( !$message ) {
-                       $message = "&lt;$key&gt;";
+                       return '&lt;' . htmlspecialchars($key) . '&gt;';
                }
 
                # Replace brace tags
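Review bot: The final fallback now returns instead of assigning `$message`, so a missing message skips the brace-tag replacement below and whatever else follows in the method, which continues outside this hunk. This looks intentional, since it keeps the escaped key from being transformed again after escaping, but it is a control-flow change the commit message does not mention. State it at the branch, for example `# Return at once: the escaped key must not go through the replacements below`. It is also worth confirming that no caller depends on the later processing having run on the placeholder.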