From 0493ce30c1dc83743d0a0edb9ca467e60c66936e Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 3 Mar 2006 08:13:13 +0000
Subject: [PATCH] * (bug 5152) Proper HTML escaping on subpage breadcrumbs

---
 RELEASE-NOTES     | 2 ++
 includes/Skin.php | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8c2c531679..06e0502c11 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -675,6 +675,8 @@ fully support the editing toolbar, but was found to be too confusing.
   with an empty main textbox (user probably hit Enter in subject field)
 * (bug 5141) Gracefully handle the new account link when createaccount off
 * (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
+* (bug 5152) Proper HTML escaping on subpage breadcrumbs
+
 
 === Caveats ===
 
diff --git a/includes/Skin.php b/includes/Skin.php
index 3b55ec9320..4b506fe245 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -697,7 +697,7 @@ END;
 					$c++;
 					if ($c<count($links)) {
 						$growinglink .= $link;
-						$getlink = $this->makeLink( $growinglink, $link );
+						$getlink = $this->makeLink( $growinglink, htmlspecialchars( $link ) );
 						if(preg_match('/class="new"/i',$getlink)) { break; } # this is a hack, but it saves time
 						if ($c>1) {
 							$subpages .= ' | ';
-- 
2.20.1