From b532948417ca768feb7b3ac3503548af46e66fd5 Mon Sep 17 00:00:00 2001
From: umherirrender <umherirrender_de.wp@web.de>
Date: Tue, 27 Jan 2015 20:44:34 +0100
Subject: [PATCH] Avoid double escaped expiry time on action=protect

Xml::option passed the first param to Html::element which escaped the
value, so no htmlspecialchars is needed for $show. The htmlspecialchar
moved closer to output, because the comparision does not need it

Bug: T85864
Change-Id: Ib8b948563095143de686756ceaf46c48cab2c5e0
---
 includes/ProtectionForm.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index 4eae1ce428..f777a37df4 100644
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -412,11 +412,9 @@ class ProtectionForm {
 				} else {
 					list( $show, $value ) = explode( ":", $option );
 				}
-				$show = htmlspecialchars( $show );
-				$value = htmlspecialchars( $value );
 				$expiryFormOptions .= Xml::option(
 					$show,
-					$value,
+					htmlspecialchars( $value ),
 					$this->mExpirySelection[$action] === $value
 				) . "\n";
 			}
-- 
2.20.1