From: MatmaRex <matma.rex@gmail.com>
Date: Mon, 22 Oct 2012 20:17:05 +0000 (+0200)
Subject: fix sidebar HTML escaping in CologneBlue
X-Git-Tag: 1.31.0-rc.0~21844^2~1
X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=e58fd4c9e135c43fe49fffcc1ff532250b41be7c;p=lhc%2Fweb%2Fwiklou.git

fix sidebar HTML escaping in CologneBlue

In my defense, it wasn't documented anywhere that it isn't safe to output.
I added docs in If56df0a7.

Change-Id: I6df92c628e46666efab3012073bf06673f844a0b
---

diff --git a/skins/CologneBlue.php b/skins/CologneBlue.php
index 32aa9024cc..68d92ce1e1 100644
--- a/skins/CologneBlue.php
+++ b/skins/CologneBlue.php
@@ -647,7 +647,7 @@ class CologneBlueTemplate extends BaseTemplate {
 
 					$headingMsg = wfMessage( $heading );
 					$any_link = false;
-					$t = $this->menuHead( $headingMsg->exists() ? $headingMsg->text() : $heading );
+					$t = $this->menuHead( $headingMsg->exists() ? $headingMsg->text() : htmlspecialchars( $heading ) );
 
 					foreach ( $links as $key => $link ) {
 						// Can be empty due to rampant sidebar massaging we're doing above