From d7743ca457a09ec5251fa6e86c297f3b43be0b06 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niklas=20Laxstr=C3=B6m?= <nikerabbit@users.mediawiki.org>
Date: Mon, 18 Jun 2007 13:34:07 +0000
Subject: [PATCH] * Escape the output of magic variables that return page name
 or part of it

---
 RELEASE-NOTES       |  2 +-
 includes/Parser.php | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f0e1147629..aad8ed58c2 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -174,7 +174,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
   {{LOCAL*}} functions return local time per server config or $wgLocaltimezone.
   Signature dates for Japanese and other languages including weekday now show
   the correct day to match the rest of the time in local time.
-
+* Escape the output of magic variables that return page name or part of it
 
 == API changes since 1.10 ==
 
diff --git a/includes/Parser.php b/includes/Parser.php
index eb6739f2f5..20d8e936cb 100644
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -2455,25 +2455,25 @@ class Parser
 			case 'localday2':
 				return $varCache[$index] = $wgContLang->formatNum( $localDay2 );
 			case 'pagename':
-				return $this->mTitle->getText();
+				return wfEscapeWikiText( $this->mTitle->getText() );
 			case 'pagenamee':
 				return $this->mTitle->getPartialURL();
 			case 'fullpagename':
-				return $this->mTitle->getPrefixedText();
+				return wfEscapeWikiText( $this->mTitle->getPrefixedText() );
 			case 'fullpagenamee':
 				return $this->mTitle->getPrefixedURL();
 			case 'subpagename':
-				return $this->mTitle->getSubpageText();
+				return wfEscapeWikiText( $this->mTitle->getSubpageText() );
 			case 'subpagenamee':
 				return $this->mTitle->getSubpageUrlForm();
 			case 'basepagename':
-				return $this->mTitle->getBaseText();
+				return wfEscapeWikiText( $this->mTitle->getBaseText() );
 			case 'basepagenamee':
 				return wfUrlEncode( str_replace( ' ', '_', $this->mTitle->getBaseText() ) );
 			case 'talkpagename':
 				if( $this->mTitle->canTalk() ) {
 					$talkPage = $this->mTitle->getTalkPage();
-					return $talkPage->getPrefixedText();
+					return wfEscapeWikiText( $talkPage->getPrefixedText() );
 				} else {
 					return '';
 				}
@@ -2486,7 +2486,7 @@ class Parser
 				}
 			case 'subjectpagename':
 				$subjPage = $this->mTitle->getSubjectPage();
-				return $subjPage->getPrefixedText();
+				return wfEscapeWikiText( $subjPage->getPrefixedText() );
 			case 'subjectpagenamee':
 				$subjPage = $this->mTitle->getSubjectPage();
 				return $subjPage->getPrefixedUrl();
-- 
2.20.1