From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 27 Oct 2017 08:30:48 +0000 (+0000)
Subject: Html escape the timestamp in Special:Undelete
X-Git-Tag: 1.31.0-rc.0~1660
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=7b05646d1ddc46d2dc3af553c6a95dc45ca61ef7;p=lhc%2Fweb%2Fwiklou.git

Html escape the timestamp in Special:Undelete

Change-Id: I377effe4050d961ec6295a9fe684e4ff6a71bc77
---

diff --git a/includes/specials/SpecialUndelete.php b/includes/specials/SpecialUndelete.php
index 740207d6b9..62a48c646e 100644
--- a/includes/specials/SpecialUndelete.php
+++ b/includes/specials/SpecialUndelete.php
@@ -969,7 +969,7 @@ class SpecialUndelete extends SpecialPage {
 			$key = urlencode( $row->fa_storage_key );
 			$pageLink = $this->getFileLink( $file, $this->getPageTitle(), $ts, $key );
 		} else {
-			$pageLink = $this->getLanguage()->userTimeAndDate( $ts, $user );
+			$pageLink = htmlspecialchars( $this->getLanguage()->userTimeAndDate( $ts, $user ) );
 		}
 		$userLink = $this->getFileUser( $file );
 		$data = $this->msg( 'widthheight' )->numParams( $row->fa_width, $row->fa_height )->text();
@@ -1049,7 +1049,7 @@ class SpecialUndelete extends SpecialPage {
 		$time = $this->getLanguage()->userTimeAndDate( $ts, $user );
 
 		if ( !$file->userCan( File::DELETED_FILE, $user ) ) {
-			return '<span class="history-deleted">' . $time . '</span>';
+			return '<span class="history-deleted">' . htmlspecialchars( $time ) . '</span>';
 		}
 
 		$link = $this->getLinkRenderer()->makeKnownLink(