Escape unescaped messages shown on a diff page
authorNiklas Laxström <niklas.laxstrom@gmail.com>
Sat, 6 Dec 2014 10:16:15 +0000 (11:16 +0100)
committerLegoktm <legoktm.wikipedia@gmail.com>
Thu, 18 Dec 2014 20:01:32 +0000 (20:01 +0000)
Change-Id: I05c07625a2dbb3c5d3ab46d1cfafeaed6a248bba

includes/Linker.php
includes/diff/DifferenceEngine.php

index a55eee9..ac4bb99 100644 (file)
@@ -1179,7 +1179,7 @@ class Linker {
                Hooks::run( 'UserToolLinksEdit', array( $userId, $userText, &$items ) );
 
                if ( $items ) {
-                       return wfMessage( 'word-separator' )->plain()
+                       return wfMessage( 'word-separator' )->escaped()
                                . '<span class="mw-usertoollinks">'
                                . wfMessage( 'parentheses' )->rawParams( $wgLang->pipeList( $items ) )->escaped()
                                . '</span>';
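Review bot: The `parentheses` call on the line after the change passes `$wgLang->pipeList( $items )` through `rawParams()`, so `->escaped()` protects only the message text and every entry in `$items` is still emitted as raw HTML. `$items` is handed by reference to the `UserToolLinksEdit` handlers just above, which makes each handler responsible for escaping what it appends. A comment at the `Hooks::run` call such as `// Handlers must append safe HTML: $items is output via rawParams() without escaping` would record that contract. The same holds for `rawParams( $inner )` in the rollback-link hunk and for the `Linker::linkKnown()` result in DifferenceEngine.php. The enclosing function starts and ends outside the hunk.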
@@ -1266,7 +1266,7 @@ class Linker {
                        $userId = $rev->getUser( Revision::FOR_THIS_USER );
                        $userText = $rev->getUserText( Revision::FOR_THIS_USER );
                        $link = self::userLink( $userId, $userText )
-                               . wfMessage( 'word-separator' )->plain()
+                               . wfMessage( 'word-separator' )->escaped()
                                . self::userToolLinks( $userId, $userText );
                } else {
                        $link = wfMessage( 'rev-deleted-user' )->escaped();
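Review bot: The separator looks doubled here: this line emits `word-separator` before `self::userToolLinks()`, and the first Linker.php hunk, which appears to sit inside that function, already starts its return value with the same message. If that reading is right, dropping the one on this line keeps a single separator and presumably avoids a trailing one when no tool links come back. The enclosing block starts outside the hunk, so this should be checked against the full function before changing it.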
@@ -1812,7 +1812,7 @@ class Linker {
                $inner = self::buildRollbackLink( $rev, $context, $editCount );
 
                if ( !in_array( 'noBrackets', $options ) ) {
-                       $inner = $context->msg( 'brackets' )->rawParams( $inner )->plain();
+                       $inner = $context->msg( 'brackets' )->rawParams( $inner )->escaped();
                }
 
                return '<span class="mw-rollback-link">' . $inner . '</span>';
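Review bot: `in_array( 'noBrackets', $options )` on the guard above the changed line compares loosely, so an `$options` entry of `true` (or `0` before PHP 8) also counts as 'noBrackets' and silently drops the brackets. Passing the strict flag, `if ( !in_array( 'noBrackets', $options, true ) ) {`, limits the match to the exact string. The function body starts outside the hunk.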
index c887193..a458831 100644 (file)
@@ -1062,7 +1062,7 @@ class DifferenceEngine extends ContextSource {
                        $key = $title->quickUserCan( 'edit', $user ) ? 'editold' : 'viewsourceold';
                        $msg = $this->msg( $key )->escaped();
                        $editLink = $this->msg( 'parentheses' )->rawParams(
-                               Linker::linkKnown( $title, $msg, array( ), $editQuery ) )->plain();
+                               Linker::linkKnown( $title, $msg, array( ), $editQuery ) )->escaped();
                        $header .= ' ' . Html::rawElement(
                                'span',
                                array( 'class' => 'mw-diff-edit' ),
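Review bot: No test accompanies the change: the file list shown names only includes/Linker.php and includes/diff/DifferenceEngine.php, so a later edit that restores `->plain()` here would not be caught. A test that overrides the `parentheses` message with text containing markup and asserts that the `mw-diff-edit` span holds the entity-escaped form would pin the behaviour. The same approach covers `brackets` and `word-separator` in Linker.php. The surrounding method starts and ends outside the hunk.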