From 87c1ca1ac12057a5b9fdac74fe94b419626f7461 Mon Sep 17 00:00:00 2001
From: umherirrender <umherirrender_de.wp@web.de>
Date: Fri, 24 Jul 2015 22:02:54 +0200
Subject: [PATCH] Escape return of {{int:}} if message not exists

This avoids returning possible html tags like <var> for {{int:var}}.

Bug: T44914
Change-Id: Ibcba9129d88510e6a84282c774ebe2dbfa548462
---
 includes/parser/CoreParserFunctions.php | 10 +++++++---
 tests/parser/parserTests.txt            |  9 +++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php
index 8a30ad1a22..7639e2f837 100644
--- a/includes/parser/CoreParserFunctions.php
+++ b/includes/parser/CoreParserFunctions.php
@@ -88,9 +88,13 @@ class CoreParserFunctions {
 		if ( strval( $part1 ) !== '' ) {
 			$args = array_slice( func_get_args(), 2 );
 			$message = wfMessage( $part1, $args )
-				->inLanguage( $parser->getOptions()->getUserLangObj() )->plain();
-
-			return array( $message, 'noparse' => false );
+				->inLanguage( $parser->getOptions()->getUserLangObj() );
+			if ( !$message->exists() ) {
+				// When message does not exists, the message name is surrounded by angle
+				// and can result in a tag, therefore escape the angles
+				return $message->escaped();
+			}
+			return array( $message->plain(), 'noparse' => false );
 		} else {
 			return array( 'found' => false );
 		}
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index ab33d89fff..5fcc7bb734 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -10236,6 +10236,15 @@ int keyword
 </p>
 !! end
 
+!! test
+int keyword - non-existing message
+!! wikitext
+{{int:var}}
+!! html
+<p>&lt;var&gt;
+</p>
+!! end
+
 !! article
 Template:Includes
 !! text
-- 
2.20.1