From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 3 Mar 2006 08:13:13 +0000 (+0000)
Subject: * (bug 5152) Proper HTML escaping on subpage breadcrumbs
X-Git-Tag: 1.6.0~236
X-Git-Url: http://git.cyclocoop.org/%27.parametre_url%28%20%20%20generer_action_auteur%28%27charger_plugin%27%2C%20%27update_flux%27%29%2C%27update_flux%27%2C%20%27oui%27%29.%27?a=commitdiff_plain;h=0493ce30c1dc83743d0a0edb9ca467e60c66936e;p=lhc%2Fweb%2Fwiklou.git

* (bug 5152) Proper HTML escaping on subpage breadcrumbs
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8c2c531679..06e0502c11 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -675,6 +675,8 @@ fully support the editing toolbar, but was found to be too confusing.
   with an empty main textbox (user probably hit Enter in subject field)
 * (bug 5141) Gracefully handle the new account link when createaccount off
 * (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
+* (bug 5152) Proper HTML escaping on subpage breadcrumbs
+
 
 === Caveats ===
 
diff --git a/includes/Skin.php b/includes/Skin.php
index 3b55ec9320..4b506fe245 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -697,7 +697,7 @@ END;
 					$c++;
 					if ($c<count($links)) {
 						$growinglink .= $link;
-						$getlink = $this->makeLink( $growinglink, $link );
+						$getlink = $this->makeLink( $growinglink, htmlspecialchars( $link ) );
 						if(preg_match('/class="new"/i',$getlink)) { break; } # this is a hack, but it saves time
 						if ($c>1) {
 							$subpages .= ' | ';