Kill a <font> tag and add some html paranoia
authorBrion Vibber <brion@users.mediawiki.org>
Fri, 11 Feb 2005 06:43:09 +0000 (06:43 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Fri, 11 Feb 2005 06:43:09 +0000 (06:43 +0000)
includes/SpecialUnlockdb.php

index fa674d7..222a324 100644 (file)
@@ -38,10 +38,10 @@ class DBUnlockForm {
 
                if ( "" != $err ) {
                        $wgOut->setSubtitle( wfMsg( "formerror" ) );
-                       $wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
+                       $wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
                }
-               $lc = wfMsg( "unlockconfirm" );
-               $lb = wfMsg( "unlockbtn" );
+               $lc = htmlspecialchars( wfMsg( "unlockconfirm" ) );
+               $lb = htmlspecialchars( wfMsg( "unlockbtn" ) );
                $titleObj = Title::makeTitle( NS_SPECIAL, "Unlockdb" );
                $action = $titleObj->escapeLocalURL( "action=submit" );
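Review bot: The new `htmlspecialchars()` calls on `$lc` and `$lb` rely on the default flags, which escape double quotes but leave single quotes untouched, so the values are only safe in element content or inside a double-quoted attribute. Where they are emitted is further down in the function, outside this hunk, so that cannot be confirmed from here. If either value ends up in a single-quoted attribute such as a button `value`, pass the flag explicitly, e.g. `$lb = htmlspecialchars( wfMsg( "unlockbtn" ), ENT_QUOTES );`. A short comment on the two assignments, such as `// already HTML-escaped; do not escape again when emitting`, would also guard against double-escaping by a later edit.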