Escape unescaped messages shown in action=info
authorNiklas Laxström <niklas.laxstrom@gmail.com>
Sat, 6 Dec 2014 10:31:32 +0000 (11:31 +0100)
committerUmherirrender <umherirrender_de.wp@web.de>
Fri, 30 Jan 2015 16:56:11 +0000 (16:56 +0000)
Change-Id: Id16d8c8dff73fdacad6c9a4ff7f2919945b7e893

includes/Linker.php
includes/actions/InfoAction.php

index f220eba..3a039f6 100644 (file)
@@ -2043,14 +2043,14 @@ class Linker {
                                if ( $titleObj->quickUserCan( 'edit' ) ) {
                                        $editLink = self::link(
                                                $titleObj,
-                                               wfMessage( 'editlink' )->text(),
+                                               wfMessage( 'editlink' )->escaped(),
                                                array(),
                                                array( 'action' => 'edit' )
                                        );
                                } else {
                                        $editLink = self::link(
                                                $titleObj,
-                                               wfMessage( 'viewsourcelink' )->text(),
+                                               wfMessage( 'viewsourcelink' )->escaped(),
                                                array(),
                                                array( 'action' => 'edit' )
                                        );
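Review bot: The two `self::link()` calls in this hunk are identical except for the message key, so the escaping now has to be kept correct in two places. Choosing the key first, `$msgKey = $titleObj->quickUserCan( 'edit' ) ? 'editlink' : 'viewsourcelink';`, and making a single call with `wfMessage( $msgKey )->escaped()` leaves one spot where the link text is turned into HTML. The enclosing method starts and ends outside the hunk, so any other message passed as link text there is not visible from here and would be worth checking for `->text()` as well.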
index beac822..ff31eb6 100644 (file)
@@ -297,7 +297,7 @@ class InfoAction extends FormlessAction {
                // Content model of the page
                $pageInfo['header-basic'][] = array(
                        $this->msg( 'pageinfo-content-model' ),
-                       ContentHandler::getLocalizedName( $title->getContentModel() )
+                       htmlspecialchars( ContentHandler::getLocalizedName( $title->getContentModel() ) )
                );
 
                // Search engine status
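Review bot: The value cell of this `$pageInfo` row is now escaped by hand, which implies the table renderer emits row values as raw HTML, but nothing at this line says so. A short comment above the array, `// Row values are output as raw HTML; escape anything that is plain text`, would tell the next person adding a row what is expected. The renderer is outside the hunk, so this contract is inferred from the change, not read from the code. `htmlspecialchars()` is called with its default flags, which is adequate for element content; if the string were ever reused inside a single-quoted attribute, `ENT_QUOTES` would be needed.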
@@ -483,7 +483,7 @@ class InfoAction extends FormlessAction {
                                $this->msg( 'pageinfo-firsttime' ),
                                Linker::linkKnown(
                                        $title,
-                                       $lang->userTimeAndDate( $firstRev->getTimestamp(), $user ),
+                                       htmlspecialchars( $lang->userTimeAndDate( $firstRev->getTimestamp(), $user ) ),
                                        array(),
                                        array( 'oldid' => $firstRev->getId() )
                                )
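Review bot: The link text passed to `Linker::linkKnown()` here, and in the `pageinfo-lasttime` hunk that follows, is treated as raw HTML, which is the only reason the `htmlspecialchars()` wrapper is needed; neither call site documents that. A comment such as `// Link text is raw HTML, so the formatted date must be escaped` at the first of them would keep a later cleanup from removing the wrapper as redundant. Pulling the escaped string into a local, e.g. `$firstTime = htmlspecialchars( $lang->userTimeAndDate( $firstRev->getTimestamp(), $user ) );`, would also shorten the argument line. Both calls sit inside a larger array literal that continues outside the hunks.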
@@ -502,7 +502,7 @@ class InfoAction extends FormlessAction {
                                $this->msg( 'pageinfo-lasttime' ),
                                Linker::linkKnown(
                                        $title,
-                                       $lang->userTimeAndDate( $this->page->getTimestamp(), $user ),
+                                       htmlspecialchars( $lang->userTimeAndDate( $this->page->getTimestamp(), $user ) ),
                                        array(),
                                        array( 'oldid' => $this->page->getLatest() )
                                )