fix sidebar HTML escaping in CologneBlue
author MatmaRex <matma.rex@gmail.com>
Mon, 22 Oct 2012 20:17:05 +0000 (22:17 +0200)
committer MatmaRex <matma.rex@gmail.com>
Mon, 22 Oct 2012 20:17:05 +0000 (22:17 +0200)
In my defense, it wasn't documented anywhere that it isn't safe to output.
I added docs in If56df0a7.

Change-Id: I6df92c628e46666efab3012073bf06673f844a0b

skins/CologneBlue.php

index 32aa902..68d92ce 100644 (file)
@@ -647,7 +647,7 @@ class CologneBlueTemplate extends BaseTemplate {
 
                                        $headingMsg = wfMessage( $heading );
                                        $any_link = false;
-                                       $t = $this->menuHead( $headingMsg->exists() ? $headingMsg->text() : $heading );
+                                       $t = $this->menuHead( $headingMsg->exists() ? $headingMsg->text() : htmlspecialchars( $heading ) );
 
                                        foreach ( $links as $key => $link ) {
                                                // Can be empty due to rampant sidebar massaging we're doing above
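Review bot: The true branch of the ternary on the changed line still passes `$headingMsg->text()` to `menuHead()` without escaping, so only the fallback `$heading` is covered here. `Message::text()` returns the message text without HTML escaping; if `menuHead()` emits its argument as raw HTML, as the commit message implies, use `$headingMsg->escaped()` in that branch so both paths are escaped consistently. Since the escaping is done at the call site, any other caller of `menuHead()` needs the same treatment, so it is worth confirming that the documentation change referenced as If56df0a7 states on `menuHead()` itself that the argument must already be HTML-safe.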