From: Alex Z Date: Wed, 16 Sep 2009 05:29:44 +0000 (+0000) Subject: (bug 20655) If $wgHtml5 is false, run attribute values through Sanitizer::encodeAttri... X-Git-Tag: 1.31.0-rc.0~39715 X-Git-Url: http://git.cyclocoop.org/%22.%28%24lien.?a=commitdiff_plain;h=e886186e4162b560127d7f6266c78de2827e7504;p=lhc%2Fweb%2Fwiklou.git (bug 20655) If $wgHtml5 is false, run attribute values through Sanitizer::encodeAttribute()
---
diff --git a/includes/Html.php b/includes/Html.php
index bece509482..1010fc338f 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -335,13 +335,17 @@ class Html {
 # and we don't need <> escaped here, we may as well not call
 # htmlspecialchars(). FIXME: verify that we actually need to
 # escape \n\r\t here, and explain why, exactly.
- $ret .= " $key=$quote" . strtr( $value, array(
- '&' => '&',
- '"' => '"',
- "\n" => ' ',
- "\r" => ' ',
- "\t" => ' '
- ) ) . $quote;
+ if ( $wgHtml5 ) {
+ $ret .= " $key=$quote" . strtr( $value, array(
+ '&' => '&',
+ '"' => '"',
+ "\n" => ' ',
+ "\r" => ' ',
+ "\t" => ' '
+ ) ) . $quote;
+ } else {
+ $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
+ }
 }
 }
 return $ret;
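Review bot: The comment kept as context above the new `if ( $wgHtml5 )` still argues that `<>` need no escaping and that htmlspecialchars() can be skipped, which now describes only the HTML5 branch, since the `else` branch goes through `Sanitizer::encodeAttribute()`. I would move that comment inside the HTML5 branch and add one on the `else`, for example `# Not HTML5: use the full attribute encoder, which also escapes < and >`. The HTML5 branch escapes only `&`, `"` and the three whitespace characters, so it is safe only while `$quote` is `"` or the value is already known to contain nothing that could end an unquoted attribute; that choice is made above the hunk and is worth stating as an invariant in the comment. The enclosing method starts and ends outside the hunk, so whether `$wgHtml5` is declared `global` there cannot be confirmed from here. The replacement strings in the `strtr()` map appear to have been entity-decoded by the page rendering, so they cannot be reviewed as shown.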