There is no need to escape double quotes in content of HTML and in HTML
comments.
ENT_NOQUOTES escapes '<', '>', '&' but not "'" and '"'.
https://secure.php.net/manual/en/function.htmlspecialchars.php
Change-Id: I7146df9582fc1d9742b9e1b0e4f03d7c7d2ed91f
* @return void
*/
function wfThumbErrorText( $status, $msgText ) {
* @return void
*/
function wfThumbErrorText( $status, $msgText ) {
- wfThumbError( $status, htmlspecialchars( $msgText ) );
+ wfThumbError( $status, htmlspecialchars( $msgText, ENT_NOQUOTES ) );
if ( $wgShowHostnames ) {
header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() );
$url = htmlspecialchars(
if ( $wgShowHostnames ) {
header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() );
$url = htmlspecialchars(
- isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : ''
+ isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
+ ENT_NOQUOTES
- $hostname = htmlspecialchars( wfHostname() );
+ $hostname = htmlspecialchars( wfHostname(), ENT_NOQUOTES );
$debug = "<!-- $url -->\n<!-- $hostname -->\n";
} else {
$debug = '';
$debug = "<!-- $url -->\n<!-- $hostname -->\n";
} else {
$debug = '';