$q = $wgRequest->getText( 'q' );
$encQ = htmlspecialchars( $q );
- $action = $wgTitle->getLocalUrl();
- $ok = wfMsg( "ok" );
+ $action = $wgTitle->escapeLocalUrl();
+ $ok = htmlspecialchars( wfMsg( "ok" ) );
- $wgOut->addHTML( "
-<form name=ucf method=post action=\"$action\">
-<textarea rows=15 cols=80 name=q>
-$encQ
-</textarea><br />
-<input type=submit name=submit value=\"$ok\"><br /><br />
-</form>" );
+ $wgOut->addHTML( <<<END
+<form name="ucf" method="post" action="$action">
+<textarea rows="15" cols="80" name="q">$encQ</textarea><br />
+<input type="submit" name="submit" value="$ok" /><br /><br />
+</form>
+END
+);
if ( !is_null( $q ) ) {
- $html = wfUtf8ToHTML( $q );
- $wgOut->addHTML( "\n\n\n" . nl2br( $html ) . "\n<hr>\n" .
+ $html = wfUtf8ToHTML( htmlspecialchars( $q ) );
+ $wgOut->addHTML( "\n\n\n" . nl2br( $html ) . "\n<hr />\n" .
nl2br( htmlspecialchars( $html ) ) . "\n\n" );
}
}
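Review bot: The two outputs in the `if` block depend on an escaping order that nothing in the code explains. The first `nl2br( $html )` is emitted raw and is safe only because `$q` is escaped before `wfUtf8ToHTML()`, and only if that helper never decodes entities or emits markup characters itself (its body is not visible here). The second copy runs `htmlspecialchars( $html )` again, presumably on purpose to display the entity source. A comment above the assignment would stop a later cleanup from undoing either, e.g. `// Escape before converting: $html is output raw below; the second copy is re-escaped on purpose to show the entities.` Separately, `htmlspecialchars()` is called without flags, so single quotes pass through; that is fine with the double-quoted attributes this change introduces, but `ENT_QUOTES` would remove the dependency. The enclosing function starts before the first line shown.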