From 7a24bea2e7b80ce097efeb53a551c9cd24dba58b Mon Sep 17 00:00:00 2001
From: River Tarnell
Date: Thu, 14 Oct 2004 04:50:14 +0000
Subject: [PATCH] fix potential xss attack
---
 includes/Article.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/Article.php b/includes/Article.php
index 3204b74354..c71338a29e 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1867,7 +1867,7 @@ class Article {
 $newcomment = wfMsg( 'revertpage', $s->old_user_text, $from );
 $wgOut->setPagetitle( wfMsg( 'actioncomplete' ) );
 $wgOut->setRobotpolicy( 'noindex,nofollow' );
- $wgOut->addHTML( '

' . $newcomment . "

\n
\n" );
+ $wgOut->addHTML( '

' . htmlspecialchars( $newcomment ) . "

\n
\n" );
 $this->updateArticle( Article::getRevisionText( $s ), $newcomment, 1, $this->mTitle->userIsWatching(), $bot );
 Article::onArticleEdit( $this->mTitle );
 $wgOut->returnToMain( false );
-- 2.20.1
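Review bot: The escaped and raw uses of `$newcomment` sit two lines apart with nothing stating which form each sink expects: `addHTML()` now receives the `htmlspecialchars()` form, while `updateArticle()` still receives the raw string as the edit summary. That split looks right (escape at output, store raw), assuming the summary is escaped again wherever it is later rendered, which this hunk does not show. A one-line comment above the `addHTML()` call would keep a later edit from moving the escaping up to the `wfMsg()` assignment and double-escaping the stored summary: `// $newcomment is plain text containing user names; escape for HTML here, keep it raw for the edit summary`. The enclosing method starts and ends outside the hunk.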