From: Rob Church <robchurch@users.mediawiki.org>
Date: Sat, 24 Jun 2006 03:13:57 +0000 (+0000)
Subject: Fix injection/cross-site scripting issue (report from Nick Jenkins)
X-Git-Tag: 1.31.0-rc.0~56643
X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22suivi_revisions%22%29%20.%20%22?a=commitdiff_plain;h=945ec69dfd50c01be96d922fff3abc797ecab075;p=lhc%2Fweb%2Fwiklou.git

Fix injection/cross-site scripting issue (report from Nick Jenkins)
---

diff --git a/includes/SpecialIpblocklist.php b/includes/SpecialIpblocklist.php
index 97ace8d2fe..cc5c805c09 100644
--- a/includes/SpecialIpblocklist.php
+++ b/includes/SpecialIpblocklist.php
@@ -18,7 +18,7 @@ function wfSpecialIpblocklist() {
 	$ipu = new IPUnblockForm( $ip, $reason );
 
 	if ( "success" == $action ) {
-		$ipu->showList( wfMsgWikiHtml( 'unblocked', $ip ) );
+		$ipu->showList( wfMsgWikiHtml( 'unblocked', htmlspecialchars( $ip ) ) );
 	} else if ( "submit" == $action && $wgRequest->wasPosted() &&
 		$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
 		if ( ! $wgUser->isAllowed('block') ) {