(bug 26603) returnto parameter in login link not escaped when viewed on Special:Userl...

diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index d04a84c..2c5edf9 100644 (file)
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -570,7 +570,7 @@ class SkinTemplate extends Skin {
                $personal_urls = array();
                $page = $wgRequest->getVal( 'returnto', $this->thisurl );
                $query = $wgRequest->getVal( 'returntoquery', $this->thisquery );
-               $returnto = "returnto=$page";
+               $returnto = wfArrayToCGI( array( 'returnto' => $page ) );
                if( $this->thisquery != '' ) {
                        $returnto .= "&returntoquery=$query";
                }