Merge "Browser tests: update to mw-selenium 1.7.2 and https"

[lhc/web/wiklou.git] / includes / Message.php

diff --git a/includes/Message.php b/includes/Message.php
index 712d3f1..2c979de 100644 (file)
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -402,8 +402,8 @@ class Message implements MessageSpecifier, Serializable {
                        $value = array_shift( $params );
                }
 
-               if ( $value instanceof RawMessage ) {
-                       $message = new RawMessage( $value->getKey(), $value->getParams() );
+               if ( $value instanceof Message ) { // Message, RawMessage, ApiMessage, etc
+                       $message = clone( $value );
                } elseif ( $value instanceof MessageSpecifier ) {
                        $message = new Message( $value );
                } elseif ( is_string( $value ) ) {
@@ -802,10 +802,13 @@ class Message implements MessageSpecifier, Serializable {
                $string = $this->fetchMessage();
 
                if ( $string === false ) {
-                       if ( $this->format === 'plain' || $this->format === 'text' ) {
-                               return '<' . $this->key . '>';
-                       }
-                       return '&lt;' . htmlspecialchars( $this->key ) . '&gt;';
+                       // Err on the side of safety, ensure that the output
+                       // is always html safe in the event the message key is
+                       // missing, since in that case its highly likely the
+                       // message key is user-controlled.
+                       // '⧼' is used instead of '<' to side-step any
+                       // double-escaping issues.
+                       return '⧼' . htmlspecialchars( $this->key ) . '⧽';
                }
 
                # Replace $* with a list of parameters for &uselang=qqx.