From 7606490d51a594159f81bcca4ac1d9cfc5d862b8 Mon Sep 17 00:00:00 2001
From: Aryeh Gregor <simetrical@users.mediawiki.org>
Date: Fri, 2 Jul 2010 16:42:24 +0000
Subject: [PATCH] Make escapenoentities work again, broken by r68801

---
 includes/Sanitizer.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index ce508c3c20..6b1caf7cd3 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -1059,11 +1059,10 @@ class Sanitizer {
 	 * @return String: escaped input
 	 */
 	static function escapeHtmlAllowEntities( $html ) {
+		$html = Sanitizer::decodeCharReferences( $html );
 		# It seems wise to escape ' as well as ", as a matter of course.  Can't
 		# hurt.
 		$html = htmlspecialchars( $html, ENT_QUOTES );
-		$html = str_replace( '&amp;', '&', $html );
-		$html = Sanitizer::decodeCharReferences( $html );
 		return $html;
 	}
 
-- 
2.20.1