From 6c8ce97c135c3a8f0e4f29bf62afdd5ded1ba13b Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 24 Jun 2004 05:32:52 +0000
Subject: [PATCH] Be a little more careful about escaping displayed usernames

---
 includes/PageHistory.php          | 4 ++--
 includes/SpecialContributions.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index 56f673fa74..3eeaa9d419 100644
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -162,10 +162,10 @@ class PageHistory {
 
 		if ( 0 == $u ) {
 			$ul = $this->mSkin->makeKnownLink( $wgLang->specialPage( "Contributions" ),
-				$ut, "target=" . $ut );
+				htmlspecialchars( $ut ), "target=" . urlencode( $ut ) );
 		} else { 
 			$ul = $this->mSkin->makeLink( $wgLang->getNsText(
-				Namespace::getUser() ) . ":{$ut}", $ut );
+				Namespace::getUser() ) . ":{$ut}", htmlspecialchars( $ut ) );
 		}
 
 		$s = "<li>";
diff --git a/includes/SpecialContributions.php b/includes/SpecialContributions.php
index 91568141da..0dcd5ebfc3 100644
--- a/includes/SpecialContributions.php
+++ b/includes/SpecialContributions.php
@@ -33,7 +33,7 @@ function wfSpecialContributions( $par = "" )
 	if ( 0 == $id ) {
 		$ul = $nt->getText();
 	} else {
-		$ul = $sk->makeLinkObj( $nt, $nt->getText() );
+		$ul = $sk->makeLinkObj( $nt, htmlspecialchars( $nt->getText() ) );
 		$userCond = "=" . $id;
 	}
 	$talk = $nt->getTalkPage();
-- 
2.20.1