From 9f11f8558221210a25e9edb0773fba9c5d9a370b Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?=
Date: Sat, 7 Jan 2006 04:57:38 +0000
Subject: [PATCH] * (bug 4373) Escape < and > in input like "foo" (only escaped the last two previously)
---
 includes/Sanitizer.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index c4f6a70bb4..127ea3b8a4 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -384,8 +384,7 @@ class Sanitizer {
 # Closing a tag...
 if( in_array( $t, $htmlsingleonly ) ) {
 $badtag = 1;
- } elseif( !in_array( $t, $htmlsingle ) &&
- ( $ot = @array_pop( $tagstack ) ) != $t ) {
+ } elseif ( ( $ot = @array_pop( $tagstack ) ) != $t ) {
 @array_push( $tagstack, $ot );
 $badtag = 1;
 } else {
@@ -405,7 +404,7 @@ class Sanitizer {
 } elseif( in_array( $t, $htmlsingleonly ) ) {
 # Hack to force empty tag for uncloseable elements
 $brace = '/>';
- } else if ( ! in_array( $t, $htmlsingle ) ) {
+ } else {
 if ( $t == 'table' ) {
 array_push( $tablestack, $tagstack );
 $tagstack = array();
--
2.20.1
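Review bot: When `$tagstack` is empty, `array_pop` returns null in the new `elseif ( ( $ot = @array_pop( $tagstack ) ) != $t )`, and the unchanged next line `@array_push( $tagstack, $ot );` pushes that null back onto the stack. With the `$htmlsingle` exemption removed, every stray closing tag now takes this path, not only tags outside `$htmlsingle`. The `@` operators hide any warning, so the bad stack state is silent. I would push back only a real entry, `if ( $ot !== null ) { array_push( $tagstack, $ot ); }`, and drop the `@`. How later code treats a null entry is not visible here, and the enclosing method starts and ends outside the hunk.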
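Review bot: Dropping the `$htmlsingle` test from this `else` sends tags with an optional close (whatever `$htmlsingle` lists, defined outside the hunk) into the branch that tracks open tags, while the first hunk now requires every closing tag to equal the top of `$tagstack`. If the push onto `$tagstack` follows below the visible lines, as the `table` handling suggests, an element from `$htmlsingle` left open would make its parent's closing tag mismatch and be marked `$badtag`. Because this is sanitizer code, the stricter rule should be stated in a comment such as `# All tags except $htmlsingleonly are tracked on $tagstack; a close must match the top entry`. It also needs a regression case for an unclosed optional-close tag nested inside a container. The enclosing method starts and ends outside the hunk.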