From 0b695ae09aada343ab59be4a3c9963995a1143b6 Mon Sep 17 00:00:00 2001
From: csteipp
Date: Fri, 28 Mar 2014 22:39:57 -0700
Subject: [PATCH] SECURITY: escape sortKey in pageInfo DEFAULTSORT isn't escaped before being added to the action=info table.
Bug: 63251
Change-Id: I087bfde8cbc69c3507f68ee3cb6e22aba0ffa7db
---
includes/actions/InfoAction.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/includes/actions/InfoAction.php b/includes/actions/InfoAction.php
index 06e36676b3..6b254603d3 100644
--- includes/actions/InfoAction.php
+++ includes/actions/InfoAction.php
@@ -262,6 +262,7 @@ class InfoAction extends FormlessAction {
 $sortKey = $pageProperties['defaultsort'];
 }
+ $sortKey = htmlspecialchars( $sortKey );
 $pageInfo['header-basic'][] = array( $this->msg( 'pageinfo-default-sort' ), $sortKey );
 // Page length (in bytes)
--
2.20.1
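Review bot: The escaped string is written back into `$sortKey`, so from the added line onward the variable holds HTML rather than the raw sort key, and any later use outside the hunk would see the encoded form or risk being escaped a second time. Escaping at the point of insertion keeps raw and encoded values apart: `$pageInfo['header-basic'][] = array( $this->msg( 'pageinfo-default-sort' ), htmlspecialchars( $sortKey ) );`. A short comment such as `// Table values are output as raw HTML; DEFAULTSORT is editor-controlled, so escape it here` would record why this row needs it; the raw-HTML behaviour is inferred from the commit message, since the code that renders the table is not in the hunk. The enclosing method starts and ends outside the hunk, so the other rows built from `$pageProperties` could not be checked for the same issue here.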