* Use Xml:: functions and remove the huge warning about escaping

diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index 13b021c..1710e33 100644 (file)
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -135,25 +135,11 @@ class PageHistory {
         * @return string HTML output
         */
        function beginHistoryList() {
-               global $wgTitle;
+               global $wgTitle, $wgScript;
                $this->lastdate = '';
                $s = wfMsgExt( 'histlegend', array( 'parse') );
-               $s .= '<form action="' . $wgTitle->escapeLocalURL( '-' ) . '" method="get">';
-               $prefixedkey = htmlspecialchars($wgTitle->getPrefixedDbKey());
-
-               // The following line is SUPPOSED to have double-quotes around the
-               // $prefixedkey variable, because htmlspecialchars() doesn't escape
-               // single-quotes.
-               //
-               // On at least two occasions people have changed it to single-quotes,
-               // which creates invalid HTML and incorrect display of the resulting
-               // link.
-               //
-               // Please do not break this a third time. Thank you for your kind
-               // consideration and cooperation.
-               //
-               $s .= "<input type='hidden' name='title' value=\"{$prefixedkey}\" />\n";
-
+               $s .= Xml::openElement( 'form', array( 'action' => $wgScript ) );
+               $s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
                $s .= $this->submitButton();
                $s .= '<ul id="pagehistory">' . "\n";
                return $s;