Fix cross site scripting bug

author Jens Frank <jeluf@users.mediawiki.org>

Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)

committer Jens Frank <jeluf@users.mediawiki.org>

Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)
author Jens Frank <jeluf@users.mediawiki.org>
Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)
committer Jens Frank <jeluf@users.mediawiki.org>
Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)
diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php

index 9661a1c..35d3cce 100644 (file)
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -114,9 +114,8 @@ class EmailUserForm {
  </tr><tr>
  <td align=right>{$emm}:</td>
  <td align=left>
-<textarea name=\"wpText\" rows=10 cols=60 wrap=virtual>
-{$this->text}
-</textarea>
+<textarea name=\"wpText\" rows=10 cols=60 wrap=virtual>" . htmlspecialchars( $this->text ) .
+"</textarea>
  </td></tr><tr>
  <td>&nbsp;</td><td align=left>
  <input type=submit name=\"wpSend\" value=\"{$ems}\">
author	Jens Frank <jeluf@users.mediawiki.org>
	Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)
committer	Jens Frank <jeluf@users.mediawiki.org>
	Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)