X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FMessage.php;h=2c979dedd0afdbbbab67693f6ee0f1f52f91a6f4;hb=06045fd914a2472f6615fb79b0244c1103099a6d;hp=712d3f17fb8ddabacd78071be11451fa3f46a5e4;hpb=b6516e11f1fe4d3f5f8085f8ccbbcdf24303b9d8;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/Message.php b/includes/Message.php index 712d3f17fb..2c979dedd0 100644 --- a/includes/Message.php +++ b/includes/Message.php @@ -402,8 +402,8 @@ class Message implements MessageSpecifier, Serializable { $value = array_shift( $params ); } - if ( $value instanceof RawMessage ) { - $message = new RawMessage( $value->getKey(), $value->getParams() ); + if ( $value instanceof Message ) { // Message, RawMessage, ApiMessage, etc + $message = clone( $value ); } elseif ( $value instanceof MessageSpecifier ) { $message = new Message( $value ); } elseif ( is_string( $value ) ) { @@ -802,10 +802,13 @@ class Message implements MessageSpecifier, Serializable { $string = $this->fetchMessage(); if ( $string === false ) { - if ( $this->format === 'plain' || $this->format === 'text' ) { - return '<' . $this->key . '>'; - } - return '<' . htmlspecialchars( $this->key ) . '>'; + // Err on the side of safety, ensure that the output + // is always html safe in the event the message key is + // missing, since in that case its highly likely the + // message key is user-controlled. + // '⧼' is used instead of '<' to side-step any + // double-escaping issues. + return '⧼' . htmlspecialchars( $this->key ) . '⧽'; } # Replace $* with a list of parameters for &uselang=qqx.