From 7c8edcb9cb89f8b903466bcb51d6b6d4f4b126d7 Mon Sep 17 00:00:00 2001 From: Aryeh Gregor Date: Mon, 24 Sep 2007 04:56:37 +0000 Subject: [PATCH] "' onload='send_me_your_credit_card_info()" would be an interesting page name, don't you think? --- includes/OutputPage.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 9fa2d409ad..82e19d548e 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -1282,25 +1282,25 @@ class OutputPage { global $wgSitename; $rctitle = SpecialPage::getTitleFor( 'Recentchanges' ); $link = $rctitle->escapeFullURL( 'feed=rss' ); - $title = wfMsg( 'site-rss-feed', $wgSitename ); + $title = Sanitizer::encodeAttribute( wfMsg( 'site-rss-feed', $wgSitename ) ); $ret .= "\n"; $link = $rctitle->escapeFullURL( 'feed=atom' ); - $title = wfMsg( 'site-atom-feed', $wgSitename ); + $title = Sanitizer::encodeAttribute( wfMsg( 'site-atom-feed', $wgSitename ) ); $ret .= "\n"; if( $this->isSyndicated() ) { # FIXME: centralize the mime-type and name information in Feed.php - $link = $wgRequest->escapeAppendQuery( 'feed=rss' ); # Use the page name for the title (accessed through $wgTitle since # there's no other way). In principle, this could lead to issues # with having the same name for different feeds corresponding to # the same page, but we can't avoid that at this low a level. global $wgTitle; $pagetitle = $wgTitle->getPrefixedText(); - $title = wfMsg( 'page-rss-feed', $pagetitle ); + $link = $wgRequest->escapeAppendQuery( 'feed=rss' ); + $title = Sanitizer::encodeAttribute( wfMsg( 'page-rss-feed', $pagetitle ) ); $ret .= "\n"; $link = $wgRequest->escapeAppendQuery( 'feed=atom' ); - $title = wfMsg( 'page-atom-feed', $pagetitle ); + $title = Sanitizer::encodeAttribute( wfMsg( 'page-atom-feed', $pagetitle ) ); $ret .= "\n"; } -- 2.20.1