Escape return of {{int:}} if message not exists

This avoids returning possible html tags like <var> for {{int:var}}.

Bug: T44914
Change-Id: Ibcba9129d88510e6a84282c774ebe2dbfa548462

diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php
index 8a30ad1..7639e2f 100644 (file)
--- a/includes/parser/CoreParserFunctions.php
+++ b/includes/parser/CoreParserFunctions.php
@@ -88,9 +88,13 @@ class CoreParserFunctions {
                if ( strval( $part1 ) !== '' ) {
                        $args = array_slice( func_get_args(), 2 );
                        $message = wfMessage( $part1, $args )
-                               ->inLanguage( $parser->getOptions()->getUserLangObj() )->plain();
-
-                       return array( $message, 'noparse' => false );
+                               ->inLanguage( $parser->getOptions()->getUserLangObj() );
+                       if ( !$message->exists() ) {
+                               // When message does not exists, the message name is surrounded by angle
+                               // and can result in a tag, therefore escape the angles
+                               return $message->escaped();
+                       }
+                       return array( $message->plain(), 'noparse' => false );
                } else {
                        return array( 'found' => false );
                }

diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index ab33d89..5fcc7bb 100644 (file)
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -10236,6 +10236,15 @@ int keyword
 </p>
 !! end
 
+!! test
+int keyword - non-existing message
+!! wikitext
+{{int:var}}
+!! html
+<p>&lt;var&gt;
+</p>
+!! end
+
 !! article
 Template:Includes
 !! text