Fix cross site scripting bug

author Jens Frank <jeluf@users.mediawiki.org>

Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)

committer Jens Frank <jeluf@users.mediawiki.org>

Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)
author Jens Frank <jeluf@users.mediawiki.org>
Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)
committer Jens Frank <jeluf@users.mediawiki.org>
Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)
diff --git a/includes/SpecialIpblocklist.php b/includes/SpecialIpblocklist.php

index 8d427ac..87d9e39 100644 (file)
--- a/includes/SpecialIpblocklist.php
+++ b/includes/SpecialIpblocklist.php
@@ -18,7 +18,7 @@ function wfSpecialIpblocklist() {
         $ipu = new IPUnblockForm( $ip, $reason );
  
         if ( "success" == $action ) {
-               $msg = wfMsg( "ipusuccess", $ip );
+               $msg = wfMsg( "ipusuccess", htmlspecialchars( $ip ) );
                 $ipu->showList( $msg );
         } else if ( "submit" == $action && $wgRequest->wasPosted() ) {
                 if ( ! $wgUser->isSysop() ) {
author	Jens Frank <jeluf@users.mediawiki.org>
	Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)
committer	Jens Frank <jeluf@users.mediawiki.org>
	Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)