class SpecialListUserRestrictionsForm {
public function getHTML() {
global $wgRequest, $wgScript, $wgTitle;
+ $action = htmlspecialchars( $wgScript );
$s = '';
$s .= Xml::fieldset( wfMsg( 'listuserrestrictions-legend' ) );
- $s .= "<form action=\"{$wgScript}\">";
+ $s .= "<form action=\"{$action}\">";
$s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
$s .= Xml::label( wfMsgHtml( 'listuserrestrictions-type' ), 'type' ) . ' ' .
self::typeSelector( 'type', $wgRequest->getVal( 'type' ), 'type' );
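Review bot: The form tag in getHTML is still assembled by hand around a manually escaped `$action`, so the output stays safe only while the attribute remains double-quoted and every later edit remembers to call htmlspecialchars(). Building the tag with the Xml helper already used on the neighbouring lines would keep attribute escaping in one place: `$s .= Xml::openElement( 'form', array( 'action' => $wgScript ) );`. The same applies to the form tag in RestrictUserForm::selectUserForm. getHTML's body continues past the end of this hunk, so the rest of the form is not visible here.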
class RestrictUserForm {
public static function selectUserForm( $val = null, $error = null ) {
global $wgScript, $wgTitle;
- $s = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . "<form action=\"{$wgScript}\">";
+ $action = htmlspecialchars( $wgScript );
+ $s = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . "<form action=\"{$action}\">";
if( $error )
$s .= '<p>' . $error . '</p>';
$s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
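Review bot: `$error` is still concatenated into the markup unescaped at `$s .= '<p>' . $error . '</p>';`, two lines below the newly escaped action attribute. The callers are outside this hunk, so it is not visible whether `$error` is already-safe HTML or plain text that may carry request-derived values such as a submitted user name. If it is plain text, `$s .= Xml::element( 'p', null, $error );` would escape it. If it is meant to be HTML, a comment on the parameter such as `// $error: pre-escaped HTML, or null` would make that contract explicit. selectUserForm's body continues beyond the hunk.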