fix xss attack

diff --git a/includes/SpecialGeo.php b/includes/SpecialGeo.php
index 04e6c2b..c4af429 100644 (file)
--- a/includes/SpecialGeo.php
+++ b/includes/SpecialGeo.php
@@ -28,7 +28,7 @@
  */
 function wfSpecialGeo( $page = '' ) {
        global $wgOut, $wgLang, $wgRequest;
-       $coordinates = $wgRequest->getText( 'coordinates' ) ;
+       $coordinates = htmlspecialchars( $wgRequest->getText( 'coordinates' ) );
        $coordinates = explode ( ":" , $coordinates ) ;
        $ns = array_shift ( $coordinates ) ;
        $ew = array_shift ( $coordinates ) ;