From c60f865268abb12e7ddf6d842a6a50bb705aebc5 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 11 Feb 2005 06:43:09 +0000
Subject: [PATCH] Kill a <font> tag and add some html paranoia

---
 includes/SpecialUnlockdb.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/SpecialUnlockdb.php b/includes/SpecialUnlockdb.php
index fa674d7e67..222a32417a 100644
--- a/includes/SpecialUnlockdb.php
+++ b/includes/SpecialUnlockdb.php
@@ -38,10 +38,10 @@ class DBUnlockForm {
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
-			$wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
+			$wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
 		}
-		$lc = wfMsg( "unlockconfirm" );
-		$lb = wfMsg( "unlockbtn" );
+		$lc = htmlspecialchars( wfMsg( "unlockconfirm" ) );
+		$lb = htmlspecialchars( wfMsg( "unlockbtn" ) );
 		$titleObj = Title::makeTitle( NS_SPECIAL, "Unlockdb" );
 		$action = $titleObj->escapeLocalURL( "action=submit" );
 
-- 
2.20.1