From 0e841380176805b078bf35553e5d4406a4a6ab9d Mon Sep 17 00:00:00 2001
From: Timo Tijhof <krinklemail@gmail.com>
Date: Sun, 24 May 2015 14:39:15 +0200
Subject: [PATCH] HttpError: Consistently escape document title

Wasn't actually a vulnerability because HttpStatus::getMessage
can only return one of a fixed set of values which are all plain
text without any special characters. However the return value
there is meant to plain text and not html, so just like
Html::element and other interfaces, things should be consitently
escaped.

Also renamed variables for clarity.

Change-Id: I8b61d7e9ea4101e3a9ef5f9a59a97db45aeef68c
---
 includes/exception/HttpError.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/includes/exception/HttpError.php b/includes/exception/HttpError.php
index b81c57314c..21d493a82f 100644
--- a/includes/exception/HttpError.php
+++ b/includes/exception/HttpError.php
@@ -113,21 +113,21 @@ class HttpError extends MWException {
 	 */
 	public function getHTML() {
 		if ( $this->header === null ) {
-			$header = HttpStatus::getMessage( $this->httpCode );
+			$titleHtml = htmlspecialchars( HttpStatus::getMessage( $this->httpCode ) );
 		} elseif ( $this->header instanceof Message ) {
-			$header = $this->header->escaped();
+			$titleHtml = $this->header->escaped();
 		} else {
-			$header = htmlspecialchars( $this->header );
+			$titleHtml = htmlspecialchars( $this->header );
 		}
 
 		if ( $this->content instanceof Message ) {
-			$content = $this->content->escaped();
+			$contentHtml = $this->content->escaped();
 		} else {
-			$content = htmlspecialchars( $this->content );
+			$contentHtml = htmlspecialchars( $this->content );
 		}
 
 		return "<!DOCTYPE html>\n" .
-		"<html><head><title>$header</title></head>\n" .
-		"<body><h1>$header</h1><p>$content</p></body></html>\n";
+		"<html><head><title>$titleHtml</title></head>\n" .
+		"<body><h1>$header</h1><p>$contentHtml</p></body></html>\n";
 	}
 }
-- 
2.20.1