From 5512ee6ad43462adb85f033b04950a12e9261c25 Mon Sep 17 00:00:00 2001 From: Aryeh Gregor Date: Sun, 19 Apr 2009 17:07:41 +0000 Subject: [PATCH] Fix braindead wrong escaping from r49017, r49018 URL encoding != HTML encoding! Thanks for report by Tbleher at: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/49017#c2228 --- includes/ChangesList.php | 6 +++--- includes/Title.php | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/includes/ChangesList.php b/includes/ChangesList.php index 3e34fe40c8..3efa66f9c5 100644 --- a/includes/ChangesList.php +++ b/includes/ChangesList.php @@ -578,13 +578,13 @@ class EnhancedChangesList extends ChangesList { if ( $rc_type != RC_NEW ) { $curLink = $this->message['cur']; } else { - $curUrl = wfUrlencode( $rc->getTitle()->getLinkUrl( $querycur ) ); + $curUrl = htmlspecialchars( $rc->getTitle()->getLinkUrl( $querycur ) ); $curLink = "counter}\">{$this->message['cur']}"; } $diffLink = $this->message['diff']; } else { - $diffUrl = wfUrlencode( $rc->getTitle()->getLinkUrl( $querydiff ) ); - $curUrl = wfUrlencode( $rc->getTitle()->getLinkUrl( $querycur ) ); + $diffUrl = htmlspecialchars( $rc->getTitle()->getLinkUrl( $querydiff ) ); + $curUrl = htmlspecialchars( $rc->getTitle()->getLinkUrl( $querycur ) ); $diffLink = "counter}\">{$this->message['diff']}"; $curLink = "counter}\">{$this->message['cur']}"; } diff --git a/includes/Title.php b/includes/Title.php index 782169cbf9..9968f9ab8f 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -854,6 +854,9 @@ class Title { * there's a fragment but the prefixed text is empty, we just return a link * to the fragment. * + * The result obviously should not be URL-escaped, but does need to be + * HTML-escaped if it's being output in HTML. + * * @param $query \type{\arrayof{\string}} An associative array of key => value pairs for the * query string. Keys and values will be escaped. * @param $variant \type{\string} Language variant of URL (for sr, zh..). Ignored -- 2.20.1