Escape wikitext in username before passing it to certain messages; also remove <nowiki>s in those as they're superfluous.
if ( !$user->isLoggedIn() && !$ip ) { # User does not exist
$wgOut->wrapWikiMsg( "<div class=\"mw-userpage-userdoesnotexist error\">\n\$1\n</div>",
- array( 'userpage-userdoesnotexist-view', $rootPart ) );
+ array( 'userpage-userdoesnotexist-view', wfEscapeWikiText( $rootPart ) ) );
} elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked
LogEventsList::showLogExtract(
$wgOut,
Html::rawElement(
'div',
array( 'class' => 'error mw-error-cannotdelete' ),
- wfMsgExt( 'cannotdelete', array( 'parse' ), $this->mTitle->getPrefixedText() )
+ wfMsgExt( 'cannotdelete', array( 'parse' ),
+ wfEscapeWikiText( $this->mTitle->getPrefixedText() ) )
)
);
$wgOut->addHTML( Xml::element( 'h2', null, LogPage::logName( 'delete' ) ) );
$loglink = '[[Special:Log/delete|' . wfMsgNoTrans( 'deletionlog' ) . ']]';
- $wgOut->addWikiMsg( 'deletedtext', $deleted, $loglink );
+ $wgOut->addWikiMsg( 'deletedtext', wfEscapeWikiText( $deleted ), $loglink );
$wgOut->returnToMain( false );
} else {
if ( $error == '' ) {
Html::rawElement(
'div',
array( 'class' => 'error mw-error-cannotdelete' ),
- wfMsgExt( 'cannotdelete', array( 'parse' ), $this->mTitle->getPrefixedText() )
+ wfMsgExt( 'cannotdelete', array( 'parse' ),
+ wfEscapeWikiText( $this->mTitle->getPrefixedText() ) )
)
);
$ip = User::isIP( $username );
if ( !$user->isLoggedIn() && !$ip ) { # User does not exist
$wgOut->wrapWikiMsg( "<div class=\"mw-userpage-userdoesnotexist error\">\n$1\n</div>",
- array( 'userpage-userdoesnotexist', $username ) );
+ array( 'userpage-userdoesnotexist', wfEscapeWikiText( $username ) ) );
} elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked
LogEventsList::showLogExtract(
$wgOut,
$wgOut->showPermissionsErrorPage( $this->mPermErrors );
}
} else {
- $wgOut->addWikiMsg( 'protect-text', $this->mTitle->getPrefixedText() );
+ $wgOut->addWikiMsg( 'protect-text',
+ wfEscapeWikiText( $this->mTitle->getPrefixedText() ) );
}
$wgOut->addHTML( $this->buildForm() );
$this->getOutput()->setPagetitle( wfMsg( 'actioncomplete' ) );
$this->getOutput()->addWikiMsg(
'deletedtext',
- $this->getTitle()->getPrefixedText(),
+ wfEscapeWikiText( $this->getTitle()->getPrefixedText() ),
'[[Special:Log/delete|' . wfMsgNoTrans( 'deletionlog' ) . ']]'
);
$this->getOutput()->returnToMain( false );
if( $type == Block::TYPE_USER ){
# TODO: why do we not have a User->exists() method?
if( !$target->getId() ){
- return wfMessage( 'nosuchusershort', $target->getName() );
+ return wfMessage( 'nosuchusershort',
+ wfEscapeWikiText( $target->getName() ) );
}
$status = self::checkUnblockSelf( $target );
break;
case self::NOT_EXISTS:
if( $wgUser->isAllowed( 'createaccount' ) ) {
- $this->mainLoginForm( wfMsgExt( 'nosuchuser', 'parseinline', $this->mUsername ) );
+ $this->mainLoginForm( wfMsgExt( 'nosuchuser', 'parseinline',
+ wfEscapeWikiText( $this->mUsername ) ) );
} else {
- $this->mainLoginForm( wfMsg( 'nosuchusershort', htmlspecialchars( $this->mUsername ) ) );
+ $this->mainLoginForm( wfMsg( 'nosuchusershort',
+ wfEscapeWikiText( $this->mUsername ) ) );
}
break;
case self::WRONG_PASS:
'nosuchuser' => 'There is no user by the name "$1".
Usernames are case sensitive.
Check your spelling, or [[Special:UserLogin/signup|create a new account]].',
-'nosuchusershort' => 'There is no user by the name "<nowiki>$1</nowiki>".
+'nosuchusershort' => 'There is no user by the name "$1".
Check your spelling.',
'nouserspecified' => 'You have to specify a username.',
'login-userblocked' => 'This user is blocked. Login not allowed.',
You can [[Special:Search/{{PAGENAME}}|search for this page title]] in other pages,
or <span class="plainlinks">[{{fullurl:{{#Special:Log}}|page={{FULLPAGENAMEE}}}} search the related logs]</span>.',
'noarticletextanon' => '{{int:noarticletext}}', # do not translate or duplicate this message to other languages
-'userpage-userdoesnotexist' => 'User account "<nowiki>$1</nowiki>" is not registered.
+'userpage-userdoesnotexist' => 'User account "$1" is not registered.
Please check if you want to create/edit this page.',
-'userpage-userdoesnotexist-view' => 'User account "<nowiki>$1</nowiki>" is not registered.',
+'userpage-userdoesnotexist-view' => 'User account "$1" is not registered.',
'blocked-notice-logextract' => 'This user is currently blocked.
The latest block log entry is provided below for reference:',
'clearyourcache' => "'''Note: After saving, you may have to bypass your browser's cache to see the changes.'''
Please confirm that you intend to do this, that you understand the consequences, and that you are doing this in accordance with [[{{MediaWiki:Policy-url}}|the policy]].',
'actioncomplete' => 'Action complete',
'actionfailed' => 'Action failed',
-'deletedtext' => '"<nowiki>$1</nowiki>" has been deleted.
+'deletedtext' => '"$1" has been deleted.
See $2 for a record of recent deletions.',
'deletedarticle' => 'deleted "[[$1]]"',
'suppressedarticle' => 'suppressed "[[$1]]"',
'protect_expiry_invalid' => 'Expiry time is invalid.',
'protect_expiry_old' => 'Expiry time is in the past.',
'protect-unchain-permissions' => 'Unlock further protect options',
-'protect-text' => "You may view and change the protection level here for the page '''<nowiki>$1</nowiki>'''.",
+'protect-text' => "You may view and change the protection level here for the page '''$1'''.",
'protect-locked-blocked' => "You cannot change protection levels while blocked.
Here are the current settings for the page '''$1''':",
'protect-locked-dblock' => "Protection levels cannot be changed due to an active database lock.