From: Brion Vibber
Date: Thu, 24 Jun 2004 05:32:52 +0000 (+0000)
Subject: Be a little more careful about escaping displayed usernames
X-Git-Tag: 1.5.0alpha1~2788
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=6c8ce97c135c3a8f0e4f29bf62afdd5ded1ba13b;p=lhc%2Fweb%2Fwiklou.git
Be a little more careful about escaping displayed usernames
---
diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index 56f673fa74..3eeaa9d419 100644
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -162,10 +162,10 @@ class PageHistory {
 if ( 0 == $u ) {
 $ul = $this->mSkin->makeKnownLink( $wgLang->specialPage( "Contributions" ),
- $ut, "target=" . $ut );
+ htmlspecialchars( $ut ), "target=" . urlencode( $ut ) );
 } else {
 $ul = $this->mSkin->makeLink( $wgLang->getNsText(
- Namespace::getUser() ) . ":{$ut}", $ut );
+ Namespace::getUser() ) . ":{$ut}", htmlspecialchars( $ut ) );
 }
 $s = "
  • ";
diff --git a/includes/SpecialContributions.php b/includes/SpecialContributions.php
index 91568141da..0dcd5ebfc3 100644
--- a/includes/SpecialContributions.php
+++ b/includes/SpecialContributions.php
@@ -33,7 +33,7 @@ function wfSpecialContributions( $par = "" )
 if ( 0 == $id ) {
 $ul = $nt->getText();
 } else {
- $ul = $sk->makeLinkObj( $nt, $nt->getText() );
+ $ul = $sk->makeLinkObj( $nt, htmlspecialchars( $nt->getText() ) );
 $userCond = "=" . $id;
 }
 $talk = $nt->getTalkPage();
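Review bot: In the includes/PageHistory.php hunk the escaping contract of `makeKnownLink()` and `makeLink()` is left implicit. The link text is now pre-escaped with `htmlspecialchars( $ut )`, but the title argument `":{$ut}"` in the else branch is still passed raw, so the result is only safe if the Skin methods emit the text argument verbatim and escape the title and query string themselves; neither method is visible here. I would record that at the call site after confirming it against the Skin class, e.g. `// makeLink() emits the link text as raw HTML, so the username is escaped here; title and query are escaped by the Skin`. The enclosing method starts and ends outside the hunk, so any later place where `$ut` is written into the page needs the same check.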
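Review bot: In the includes/SpecialContributions.php hunk the `0 == $id` branch still assigns `$ul = $nt->getText();` unescaped, while the registered-user branch beside it now escapes the same text. If `$ul` is later written into the page as HTML, the anonymous path keeps the markup-injection problem this commit is closing; that is an inference, because the rest of wfSpecialContributions lies outside the hunk. `$ul = htmlspecialchars( $nt->getText() );` would make both branches consistent. If `$ul` is instead escaped at the point of output, the else branch would now be double-escaped, so it is worth checking which of the two holds.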