Be sure that the text is escaped

diff --git a/includes/LogPage.php b/includes/LogPage.php
index fa21f02..0dcb1f2 100644 (file)
--- a/includes/LogPage.php
+++ b/includes/LogPage.php
@@ -158,7 +158,7 @@ class LogPage {
 
                                        switch( $type ) {
                                                case 'move':
-                                                       $titleLink = $skin->makeLinkObj( $title, $title->getPrefixedText(), 'redirect=no' );
+                                                       $titleLink = $skin->makeLinkObj( $title, htmlspecialchars( $title->getPrefixedText() ), 'redirect=no' );
                                                        $params[0] = $skin->makeLinkObj( Title::newFromText( $params[0] ), htmlspecialchars( $params[0] ) );
                                                        break;
                                                case 'block':