X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/operations/recherche.php?a=blobdiff_plain;f=includes%2Fparser%2FParser.php;h=a3abcad05f58c14d993d692360e1af250a452048;hb=7e4a134f49d05c93c70968d238671b680922b79c;hp=96674becd4dc464910f9b125bf026d25218c1daa;hpb=64eaaec96fa8144f441b5701b1edff22f59e57f9;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 96674becd4..a3abcad05f 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -121,9 +121,14 @@ class Parser {
 *
 * Must not consist of all title characters, or else it will change
 * the behavior of in a link.
+ *
+ * Must have a character that needs escaping in attributes, otherwise
+ * someone could put a strip marker in an attribute, to get around
+ * escaping quote marks, and break out of the attribute. Thus we add
+ * `'".
 */
- const MARKER_SUFFIX = "-QINU\x7f";
- const MARKER_PREFIX = "\x7fUNIQ-";
+ const MARKER_SUFFIX = "-QINU`\"'\x7f";
+ const MARKER_PREFIX = "\x7f'\"`UNIQ-";
 
 # Markers used for wrapping the table of contents
 const TOC_START = '';
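Review bot: The protection the new MARKER_SUFFIX and MARKER_PREFIX values provide holds only if every attribute-escaping path rewrites the quote character that the surrounding attribute actually uses; `htmlspecialchars()` with its pre-8.1 default flags (ENT_COMPAT) leaves `'` untouched, so a marker placed in a single-quoted attribute would pass through escaping intact and still be unstripped. The added comment should name that dependency so the escaping side is not relaxed later without noticing, e.g. `* Relies on attribute values being escaped with ENT_QUOTES (or an` / `* equivalent that rewrites ", ' and backtick-adjacent content), so that` / `* at least one marker character is always altered by the escaping.` Any code elsewhere that matches the old `\x7fUNIQ` / `QINU\x7f` byte sequences literally instead of referencing these constants would silently stop recognising markers after this change; that is worth checking before merge, and a unit test asserting that both constants contain `"`, `'` and a backtick would pin the property the comment describes. The enclosing class continues outside the hunk.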