From 4223b1c209a549538815c81f64b7d8fd1dec2d58 Mon Sep 17 00:00:00 2001
From: Aaron Schulz
Date: Tue, 30 Dec 2008 16:09:11 +0000
Subject: [PATCH] Escape entities in h1 title html
---
 includes/Skin.php | 2 +-
 includes/SkinTemplate.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/Skin.php b/includes/Skin.php
index 425aa83ca8..0c221febc2 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -1018,7 +1018,7 @@ END;
 function pageTitle() {
 global $wgOut;
- $s = '

' . $wgOut->getPageTitle() . '

';
+ $s = '

' . htmlspecialchars( $wgOut->getPageTitle() ) . '

';
 return $s;
 }
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index fff32f1b41..a051b45d17 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -183,7 +183,7 @@ class SkinTemplate extends Skin {
 wfProfileOut( __METHOD__."-stuff" );
 wfProfileIn( __METHOD__."-stuff2" );
- $tpl->set( 'title', $out->getPageTitle() );
+ $tpl->set( 'title', htmlspecialchars( $out->getPageTitle() ) );
 $tpl->set( 'pagetitle', $out->getHTMLTitle() );
 $tpl->set( 'displaytitle', $out->mPageLinkTitle );
 $tpl->set( 'pageclass', $this->getPageClasses( $this->mTitle ) );
--
2.20.1
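Review bot: pageTitle() in includes/Skin.php now escapes whatever `$wgOut->getPageTitle()` returns, but nothing in the function states whether that value is plain text or already-encoded HTML. If any caller stored a title with entities already encoded, the heading would show them double-encoded (`&amp;amp;`); this is an inference, since the setter is not part of the diff. A comment above the assignment would pin the contract, for example `// getPageTitle() returns plain text; escape it here for the h1 body`. The same applies to the `$tpl->set( 'title', ... )` line in includes/SkinTemplate.php.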
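Review bot: The `'title'` template variable is now stored as escaped HTML, while `'pagetitle'` and `'displaytitle'` on the following lines are still stored raw, so these `set()` calls no longer share one escaping convention. Any skin template that escapes on output (for example through QuickTemplate's `text('title')`) would encode the value a second time; the templates are not in this diff, so that needs checking before merge. Either keep the raw value here and escape where it is printed, or document the choice with `// 'title' is pre-escaped HTML: print with html(), not text()`. The enclosing method starts and ends outside the hunk.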