Html escape the timestamp in Special:Undelete
authorBrian Wolff <bawolff+wn@gmail.com>
Fri, 27 Oct 2017 08:30:48 +0000 (08:30 +0000)
committerBrian Wolff <bawolff+wn@gmail.com>
Fri, 27 Oct 2017 13:44:12 +0000 (13:44 +0000)
Change-Id: I377effe4050d961ec6295a9fe684e4ff6a71bc77

includes/specials/SpecialUndelete.php

index 740207d..62a48c6 100644 (file)
@@ -969,7 +969,7 @@ class SpecialUndelete extends SpecialPage {
                        $key = urlencode( $row->fa_storage_key );
                        $pageLink = $this->getFileLink( $file, $this->getPageTitle(), $ts, $key );
                } else {
-                       $pageLink = $this->getLanguage()->userTimeAndDate( $ts, $user );
+                       $pageLink = htmlspecialchars( $this->getLanguage()->userTimeAndDate( $ts, $user ) );
                }
                $userLink = $this->getFileUser( $file );
                $data = $this->msg( 'widthheight' )->numParams( $row->fa_width, $row->fa_height )->text();
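Review bot: The `$data` assignment on the last line of this hunk uses `->text()`, which returns the localised message without HTML escaping, so it may have the same problem this commit fixes for the timestamp. The hunk ends before `$data` is used, so it is not visible whether it is escaped before being put into the row markup. If it is not, switch it to `$this->msg( 'widthheight' )->numParams( $row->fa_width, $row->fa_height )->escaped()` or pass the combined string through `htmlspecialchars()` once at the point of output. A short comment on the else branch, such as `// plain text from the date formatter; $pageLink is emitted as HTML`, would also make it clear that both branches must produce HTML.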
@@ -1049,7 +1049,7 @@ class SpecialUndelete extends SpecialPage {
                $time = $this->getLanguage()->userTimeAndDate( $ts, $user );
 
                if ( !$file->userCan( File::DELETED_FILE, $user ) ) {
-                       return '<span class="history-deleted">' . $time . '</span>';
+                       return '<span class="history-deleted">' . htmlspecialchars( $time ) . '</span>';
                }
 
                $link = $this->getLinkRenderer()->makeKnownLink(
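Review bot: Nothing here says why `$time` is escaped only in the early return, while the raw value is presumably handed to the `makeKnownLink()` call that opens on the hunk's last line. LinkRenderer escapes plain-string link text itself, so a later edit that moves the `htmlspecialchars()` up to the assignment would double-escape the link text. I would add a comment above the return, for example `// $time is plain text: escape it for raw HTML here; makeKnownLink() escapes its own link text`. The call's arguments lie outside the hunk, so confirm that `$time` is passed as a plain string and not wrapped in `HtmlArmor`.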