fix xss attack if wgRawHtml is enabled

diff --git a/includes/SpecialMovepage.php b/includes/SpecialMovepage.php
index ebbd79d..dbba17d 100644 (file)
--- a/includes/SpecialMovepage.php
+++ b/includes/SpecialMovepage.php
@@ -209,7 +209,10 @@ class MovePageForm {
                $talkmoved = $wgRequest->getVal('talkmoved');
 
                $text = wfMsg( 'pagemovedtext', $oldtitle, $newtitle );
+               $marchingantofdoom = $wgRawHtml;
+               $wgRawHtml = false;
                $wgOut->addWikiText( $text );
+               $wgRawHtml = $marchingantofdoom;
 
                if ( $talkmoved == 1 ) {
                        $wgOut->addHTML( "\n<p>" . wfMsg( 'talkpagemoved' ) . "</p>\n" );