From: Tim Starling <tstarling@users.mediawiki.org>
Date: Wed, 1 Apr 2009 08:51:54 +0000 (+0000)
Subject: * Escape attribute values
X-Git-Tag: 1.31.0-rc.0~42254
X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22messagerie%22%29%20.%20%22?a=commitdiff_plain;h=b9868757737554d6648c9899b8bc77db33ebbacf;p=lhc%2Fweb%2Fwiklou.git

* Escape attribute values
* Document getRowClass()
---

diff --git a/includes/Pager.php b/includes/Pager.php
index e3ba4978ff..1078a74695 100644
--- a/includes/Pager.php
+++ b/includes/Pager.php
@@ -746,7 +746,7 @@ abstract class TablePager extends IndexPager {
 	}
 
 	function formatRow( $row ) {
-		$rowClass = $this->getRowClass( $row );
+		$rowClass = htmlspecialchars( $this->getRowClass( $row ) );
 		$s = "<tr class=\"$rowClass\">\n";
 		$fieldNames = $this->getFieldNames();
 		$this->mCurrentRow = $row;  # In case formatValue needs to know
@@ -763,6 +763,10 @@ abstract class TablePager extends IndexPager {
 		return $s;
 	}
 
+	/**
+	 * Get a class name to be applied to the given row.
+	 * @param object $row The database result row
+	 */
 	function getRowClass($row) {
 		return '';
 	}