From: Brion Vibber Date: Sun, 2 Apr 2006 04:09:42 +0000 (+0000) Subject: Live fix: escape <, >, and " chars that sneak into tables, etc due to parser ordering... X-Git-Tag: 1.6.0~71 X-Git-Url: http://git.cyclocoop.org/%24href?a=commitdiff_plain;h=b06d890e0a62168f05dc6af8f53e0f496dea07d5;p=lhc%2Fweb%2Fwiklou.git Live fix: escape <, >, and " chars that sneak into tables, etc due to parser ordering bugs --- diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 45f7a49d5d..37b2389308 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -577,6 +577,9 @@ class Sanitizer { # Templates and links may be expanded in later parsing, # creating invalid or dangerous output. Suppress this. $value = strtr( $value, array( + '<' => '<', // This should never happen, + '>' => '>', // we've received invalid input + '"' => '"', // which should have been escaped. '{' => '{', '[' => '[', "''" => '''',
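Review bot: the three entries added at the top of the strtr() map in includes/Sanitizer.php are commented "This should never happen" and "which should have been escaped", so they cover for the parser ordering bug named in the subject rather than fix it. The comment should say which earlier step is expected to have escaped these characters, so the underlying ordering problem can be tracked and this fallback revisited later. As rendered on this page, each added entry shows the same character on both sides of the `=>` (for example `'<' => '<'`), so the replacement values cannot be checked from here; confirm against the raw file that each maps to its escaped form. The added entries cover `<`, `>` and `"` but not a single `'` (only the doubled `''` already in the map is handled), so it is worth stating in the comment whether the value can end up inside a single-quoted attribute.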