From 242c0eb3664b9a449fbca1740da5642affc03415 Mon Sep 17 00:00:00 2001
From: River Tarnell <kateturner@users.mediawiki.org>
Date: Thu, 14 Oct 2004 04:15:29 +0000
Subject: [PATCH] fix xss attack

---
 includes/ImagePage.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/ImagePage.php b/includes/ImagePage.php
index f375c7fd62..6eda49159d 100644
--- a/includes/ImagePage.php
+++ b/includes/ImagePage.php
@@ -76,7 +76,7 @@ class ImagePage extends Article {
 				}
 				$s = "<div class=\"fullImageLink\">" . $anchoropen .
 				     "<img border=\"0\" src=\"{$url}\" width=\"{$width}\" height=\"{$height}\" alt=\"" .
-				     $wgRequest->getVal( 'image' )."\" />" . $anchorclose . "</div>";
+				     htmlspecialchars( $wgRequest->getVal( 'image' ) )."\" />" . $anchorclose . "</div>";
 			} else {
 				$s = "<div class=\"fullMedia\">".$sk->makeMediaLink($this->img->getName(),"")."</div>";
 			}
-- 
2.20.1