From 264b933281f5cde47885325039b4322c6781575f Mon Sep 17 00:00:00 2001
From: River Tarnell <kateturner@users.mediawiki.org>
Date: Wed, 13 Oct 2004 21:38:50 +0000
Subject: [PATCH] fix xss attack

---
 includes/SpecialMaintenance.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/includes/SpecialMaintenance.php b/includes/SpecialMaintenance.php
index 3166c5a4fe..85c15109a5 100644
--- a/includes/SpecialMaintenance.php
+++ b/includes/SpecialMaintenance.php
@@ -283,7 +283,8 @@ function wfSpecialMissingLanguageLinks() {
 	$wgOut->addHTML( "<p>{$top}\n" );
 
 	$sl = wfViewPrevNext( $offset, $limit, 'REPLACETHIS' ) ;
-	$sl = str_replace ( 'REPLACETHIS' , sns().":Maintenance&subfunction=missinglanguagelinks&thelang={$thelang}" , $sl ) ;
+	$sl = str_replace ( 'REPLACETHIS' , sns().":Maintenance&subfunction=missinglanguagelinks&thelang=".
+						htmlspecialchars($thelang), $sl ) ;
 	$wgOut->addHTML( "<br>{$sl}\n" );
 
 	$sk = $wgUser->getSkin();
-- 
2.20.1