From c733ea591082facc708293bf68f25c83ade6219e Mon Sep 17 00:00:00 2001
From: River Tarnell <kateturner@users.mediawiki.org>
Date: Thu, 14 Oct 2004 05:08:33 +0000
Subject: [PATCH] fix xss attack

---
 includes/OutputPage.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 0e8d533844..f6a4a1a869 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -673,6 +673,7 @@ class OutputPage {
 		if ( $returnto == NULL ) {
 			$returnto = $wgRequest->getText( 'returnto' );
 		}
+		$returnto = htmlspecialchars( $returnto );
 
 		$sk = $wgUser->getSkin();
 		if ( '' == $returnto ) {
-- 
2.20.1