From c27d8f8bfa37fd56fc607d9e5ccb8d134940e5b5 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Sat, 10 Apr 2004 04:28:19 +0000
Subject: [PATCH] Try to escape unaccompanied ampersands. This doesn't yet
 verify that named character entities are valid, however.

---
 includes/Parser.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/includes/Parser.php b/includes/Parser.php
index 1bec4abc3a..548f8ff1a1 100644
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -495,12 +495,13 @@ class Parser
 			"/<\\/center *>/i" => '</span>'
 		);
 		$text = preg_replace( array_keys($fixtags), array_values($fixtags), $text );
-		// another round, but without regex
-		$fixtags = array(
-			'& ' => '&amp;',
-			'&<' => '&amp;<',
-		);
-		$text = str_replace( array_keys($fixtags), array_values($fixtags), $text );
+
+		# Clean up spare ampersands; note that we probably ought to be
+		# more careful about named entities.
+		$text = preg_replace(
+			'/&(?!:amp;|#[Xx][0-9A-fa-f]+;|#[0-9]+;|[a-zA-Z0-9]+;)/',
+			'&amp;',
+			$text );
 
 		$text .= $this->categoryMagic () ;
 		
-- 
2.20.1