From 13460975663840eabf722a8a227af20f3a014d4f Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 10 Sep 2007 21:01:40 +0000
Subject: [PATCH] * (bug 11158) Fix escaping in API HTML-formatted JSON

---
 RELEASE-NOTES                  | 1 +
 includes/api/ApiFormatBase.php | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 04836238f4..9f76ecdcc7 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -44,6 +44,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 editinterface to a new permission key editusercssjs.
 * (bug 11266) Set fallback language for Fulfulde (ff) to French
 * (bug 11179) Include image version deletion comment in public log
+* (bug 11158) Fix escaping in API HTML-formatted JSON
 
 === API changes in 1.12 ===
 
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index 209abd23d4..b69ebafe09 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -158,8 +158,11 @@ See complete documentation, or
 	 * This method also replaces any '<' with <
 	 */
 	protected function formatHTML($text) {
-		// encode all tags as safe blue strings
-		$text = ereg_replace('\<([^>]+)\>', '<\1>', $text);
+		// Escape everything first for full coverage
+		$text = htmlspecialchars($text);
+
+		// encode all comments or tags as safe blue strings
+		$text = preg_replace('/\<(!--.*?--|.*?)\>/', '<\1>', $text);
 		// identify URLs
 		$protos = "http|https|ftp|gopher";
 		$text = ereg_replace("($protos)://[^ \\'\"()<\n]+", '\\0', $text);
-- 
2.20.1
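Review bot: The tag-highlighting pattern on the new side, `preg_replace('/\<(!--.*?--|.*?)\>/', ...)`, runs after `htmlspecialchars($text)`, at which point no literal `<` or `>` remains in `$text`, so as printed the highlighting step never matches; if it is meant to pick up the escaped forms it has to be written against them, e.g. `'/&lt;(!--.*?--|.*?)&gt;/'` (this listing appears to have had its entities decoded, so confirm against the actual file before changing anything). The new ordering also affects the unchanged URL step just below it: its character class excludes raw `'` and `"` to stop a URL at a JSON string boundary, but those are already `&#039;` and `&quot;` when it runs, so a quoted URL would now carry the trailing entity into the generated link text. That pattern should stop at the escaped quote entities as well, and the mix of `ereg_replace` and `preg_replace` in the same method is worth unifying on PCRE while touching it. `formatHTML` continues past the end of the hunk.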