From b418b85c349a46b583659d9b60db8b1b6ef62e48 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niklas=20Laxstr=C3=B6m?= <niklas.laxstrom@gmail.com>
Date: Sat, 6 Dec 2014 12:16:16 +0100
Subject: [PATCH] Fix escaping of specialList and clarify comments

Change-Id: I4bead5f5f310dd35e8dfee738f35a070e7bf869f
---
 languages/Language.php | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/languages/Language.php b/languages/Language.php
index c0de1b40ad..72cc1ace31 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -962,7 +962,17 @@ class Language {
 	 * @return string
 	 */
 	function getMessageFromDB( $msg ) {
-		return wfMessage( $msg )->inLanguage( $this )->text();
+		return $this->msg( $msg )->text();
+	}
+
+	/**
+	 * Get message object in this language. Only for use inside this class.
+	 *
+	 * @param string $msg Message name
+	 * @return Message
+	 */
+	protected function msg( $msg ) {
+		return wfMessage( $msg )->inLanguage( $this );
 	}
 
 	/**
@@ -3406,10 +3416,10 @@ class Language {
 			return '';
 		}
 		if ( $m > 0 ) {
-			$and = htmlspecialchars( $this->getMessageFromDB( 'and' ) );
-			$space = htmlspecialchars( $this->getMessageFromDB( 'word-separator' ) );
+			$and = $this->msg( 'and' )->escaped();
+			$space = $this->msg( 'word-separator' )->escaped();
 			if ( $m > 1 ) {
-				$comma = htmlspecialchars( $this->getMessageFromDB( 'comma-separator' ) );
+				$comma = $this->msg( 'comma-separator' )->escaped();
 			}
 		}
 		$s = $l[$m];
@@ -4643,17 +4653,22 @@ class Language {
 	 * Make a list item, used by various special pages
 	 *
 	 * @param string $page Page link
-	 * @param string $details Text between brackets
+	 * @param string $details HTML safe text between brackets
 	 * @param bool $oppositedm Add the direction mark opposite to your
 	 *   language, to display text properly
-	 * @return string
+	 * @return HTML escaped string
 	 */
 	function specialList( $page, $details, $oppositedm = true ) {
-		$dirmark = ( $oppositedm ? $this->getDirMark( true ) : '' ) .
-			$this->getDirMark();
-		$details = $details ? $dirmark . $this->getMessageFromDB( 'word-separator' ) .
-			wfMessage( 'parentheses' )->rawParams( $details )->inLanguage( $this )->escaped() : '';
-		return $page . $details;
+		if ( !$details ) {
+			return $page;
+		}
+
+		$dirmark = ( $oppositedm ? $this->getDirMark( true ) : '' ) . $this->getDirMark();
+		return
+			$page .
+			$dirmark .
+			$this->msg( 'word-separator' )->escaped() .
+			$this->msg( 'parentheses' )->rawParams( $details )->escaped();
 	}
 
 	/**
-- 
2.20.1