From e58fd4c9e135c43fe49fffcc1ff532250b41be7c Mon Sep 17 00:00:00 2001
From: MatmaRex
Date: Mon, 22 Oct 2012 22:17:05 +0200
Subject: [PATCH] fix sidebar HTML escaping in CologneBlue
In my defense, it wasn't documented anywhere that it isn't safe to output. I added docs in If56df0a7.
Change-Id: I6df92c628e46666efab3012073bf06673f844a0b
---
 skins/CologneBlue.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/skins/CologneBlue.php b/skins/CologneBlue.php
index 32aa9024cc..68d92ce1e1 100644
--- a/skins/CologneBlue.php
+++ b/skins/CologneBlue.php
@@ -647,7 +647,7 @@ class CologneBlueTemplate extends BaseTemplate {
 $headingMsg = wfMessage( $heading );
 $any_link = false;
- $t = $this->menuHead( $headingMsg->exists() ? $headingMsg->text() : $heading );
+ $t = $this->menuHead( $headingMsg->exists() ? $headingMsg->text() : htmlspecialchars( $heading ) );
 foreach ( $links as $key => $link ) {
 // Can be empty due to rampant sidebar massaging we're doing above
--
2.20.1
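Review bot: The message branch of the ternary still passes `$headingMsg->text()` to `menuHead()` unescaped; only the `$heading` fallback is wrapped in `htmlspecialchars()`. If `menuHead()` emits its argument as raw HTML, as the commit description implies, the message text should be escaped too, for example `$t = $this->menuHead( $headingMsg->exists() ? $headingMsg->escaped() : htmlspecialchars( $heading ) );`. Escaping inside `menuHead()` itself would protect other call sites as well, but that method and the rest of the enclosing function lie outside this hunk, so this needs checking against the full file.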