From: Niklas Laxström
Date: Sat, 6 Dec 2014 10:16:15 +0000 (+0100)
Subject: Escape unescaped messages shown on a diff page
X-Git-Tag: 1.31.0-rc.0~12919
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=4741900b5edfd9022252580aa1008c570b2e224f

Escape unescaped messages shown on a diff page

Change-Id: I05c07625a2dbb3c5d3ab46d1cfafeaed6a248bba
---

diff --git a/includes/Linker.php b/includes/Linker.php
index a55eee90ad..ac4bb99da8 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1179,7 +1179,7 @@ class Linker {
 Hooks::run( 'UserToolLinksEdit', array( $userId, $userText, &$items ) );
 if ( $items ) {
- return wfMessage( 'word-separator' )->plain()
+ return wfMessage( 'word-separator' )->escaped()
 . '' . wfMessage( 'parentheses' )->rawParams( $wgLang->pipeList( $items ) )->escaped() . '';
@@ -1266,7 +1266,7 @@ class Linker {
 $userId = $rev->getUser( Revision::FOR_THIS_USER );
 $userText = $rev->getUserText( Revision::FOR_THIS_USER );
 $link = self::userLink( $userId, $userText )
- . wfMessage( 'word-separator' )->plain()
+ . wfMessage( 'word-separator' )->escaped()
 . self::userToolLinks( $userId, $userText );
 } else {
 $link = wfMessage( 'rev-deleted-user' )->escaped();
@@ -1812,7 +1812,7 @@ class Linker {
 $inner = self::buildRollbackLink( $rev, $context, $editCount );
 if ( !in_array( 'noBrackets', $options ) ) {
- $inner = $context->msg( 'brackets' )->rawParams( $inner )->plain();
+ $inner = $context->msg( 'brackets' )->rawParams( $inner )->escaped();
 }
 return '' . $inner . '';
diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php
index c8871932ee..a458831696 100644
--- a/includes/diff/DifferenceEngine.php
+++ b/includes/diff/DifferenceEngine.php
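Review bot: In the `@@ -1179` hunk the `parentheses` message still receives `$wgLang->pipeList( $items )` through `rawParams()`, and `$items` is handed by reference to `UserToolLinksEdit` hook handlers on the line above, so escaping the message text does not cover anything a handler appends. Every entry therefore has to be finished, already-escaped HTML, and that contract is worth stating where the hook is run, e.g. `// $items is output via rawParams(): hook handlers must add only escaped HTML links`. The `@@ -1266` hunk inherits the same dependency because it concatenates the result of `self::userToolLinks()`. The function body starts and ends outside the hunk, so whether the entries built before the hook all come from Linker helpers is not visible here.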
@@ -1062,7 +1062,7 @@ class DifferenceEngine extends ContextSource {
 $key = $title->quickUserCan( 'edit', $user ) ? 'editold' : 'viewsourceold';
 $msg = $this->msg( $key )->escaped();
 $editLink = $this->msg( 'parentheses' )->rawParams(
- Linker::linkKnown( $title, $msg, array( ), $editQuery ) )->plain();
+ Linker::linkKnown( $title, $msg, array( ), $editQuery ) )->escaped();
 $header .= ' ' . Html::rawElement( 'span', array( 'class' => 'mw-diff-edit' ),
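Review bot: No test change is visible in this patch, so nothing pins the switch from `plain()` to `escaped()` at this call or in the three `Linker.php` hunks, and a later edit could revert one of them unnoticed. A regression test that overrides `parentheses` (and likewise `brackets` and `word-separator`) with text containing `<` and asserts that the rendered output contains `&lt;` would cover it. A short comment at this call would also help the next reader, e.g. `// linkKnown() returns HTML and is passed raw; escaped() covers the message text only`. The enclosing method starts and ends outside the hunk.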