From: Aryeh Gregor Date: Mon, 24 Sep 2007 04:56:37 +0000 (+0000) Subject: "' onload='send_me_your_credit_card_info()" would be an interesting page name, don... X-Git-Tag: 1.31.0-rc.0~51316 X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22suivi_revisions%22%29%20.%20%22?a=commitdiff_plain;h=7c8edcb9cb89f8b903466bcb51d6b6d4f4b126d7;p=lhc%2Fweb%2Fwiklou.git "' onload='send_me_your_credit_card_info()" would be an interesting page name, don't you think? --- diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 9fa2d409ad..82e19d548e 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -1282,25 +1282,25 @@ class OutputPage { global $wgSitename; $rctitle = SpecialPage::getTitleFor( 'Recentchanges' ); $link = $rctitle->escapeFullURL( 'feed=rss' ); - $title = wfMsg( 'site-rss-feed', $wgSitename ); + $title = Sanitizer::encodeAttribute( wfMsg( 'site-rss-feed', $wgSitename ) ); $ret .= "\n"; $link = $rctitle->escapeFullURL( 'feed=atom' ); - $title = wfMsg( 'site-atom-feed', $wgSitename ); + $title = Sanitizer::encodeAttribute( wfMsg( 'site-atom-feed', $wgSitename ) ); $ret .= "\n"; if( $this->isSyndicated() ) { # FIXME: centralize the mime-type and name information in Feed.php - $link = $wgRequest->escapeAppendQuery( 'feed=rss' ); # Use the page name for the title (accessed through $wgTitle since # there's no other way). In principle, this could lead to issues # with having the same name for different feeds corresponding to # the same page, but we can't avoid that at this low a level. global $wgTitle; $pagetitle = $wgTitle->getPrefixedText(); - $title = wfMsg( 'page-rss-feed', $pagetitle ); + $link = $wgRequest->escapeAppendQuery( 'feed=rss' ); + $title = Sanitizer::encodeAttribute( wfMsg( 'page-rss-feed', $pagetitle ) ); $ret .= "\n"; $link = $wgRequest->escapeAppendQuery( 'feed=atom' ); - $title = wfMsg( 'page-atom-feed', $pagetitle ); + $title = Sanitizer::encodeAttribute( wfMsg( 'page-atom-feed', $pagetitle ) ); $ret .= "\n"; }