From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Tue, 30 Dec 2008 16:09:11 +0000 (+0000)
Subject: Escape entities in h1 title html
X-Git-Tag: 1.31.0-rc.0~43698
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/password.php?a=commitdiff_plain;h=4223b1c209a549538815c81f64b7d8fd1dec2d58;p=lhc%2Fweb%2Fwiklou.git

Escape entities in h1 title html
---

diff --git a/includes/Skin.php b/includes/Skin.php
index 425aa83ca8..0c221febc2 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -1018,7 +1018,7 @@ END;
 
 	function pageTitle() {
 		global $wgOut;
-		$s = '<h1 class="pagetitle">' . $wgOut->getPageTitle() . '</h1>';
+		$s = '<h1 class="pagetitle">' . htmlspecialchars( $wgOut->getPageTitle() ) . '</h1>';
 		return $s;
 	}
 
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index fff32f1b41..a051b45d17 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -183,7 +183,7 @@ class SkinTemplate extends Skin {
 		wfProfileOut( __METHOD__."-stuff" );
 
 		wfProfileIn( __METHOD__."-stuff2" );
-		$tpl->set( 'title', $out->getPageTitle() );
+		$tpl->set( 'title', htmlspecialchars( $out->getPageTitle() ) );
 		$tpl->set( 'pagetitle', $out->getHTMLTitle() );
 		$tpl->set( 'displaytitle', $out->mPageLinkTitle );
 		$tpl->set( 'pageclass', $this->getPageClasses( $this->mTitle ) );