dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 82cd0d1)
Escape entities in h1 title html
authorAaron Schulz <aaron@users.mediawiki.org>
Tue, 30 Dec 2008 16:09:11 +0000 (16:09 +0000)
committerAaron Schulz <aaron@users.mediawiki.org>
Tue, 30 Dec 2008 16:09:11 +0000 (16:09 +0000)
includes/Skin.php patch | blob | history
includes/SkinTemplate.php patch | blob | history

diff --git a/includes/Skin.php b/includes/Skin.php
index 425aa83..0c221fe 100644 (file)
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -1018,7 +1018,7 @@ END;
 
        function pageTitle() {
                global $wgOut;
-               $s = '<h1 class="pagetitle">' . $wgOut->getPageTitle() . '</h1>';
+               $s = '<h1 class="pagetitle">' . htmlspecialchars( $wgOut->getPageTitle() ) . '</h1>';
                return $s;
        }
 
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index fff32f1..a051b45 100644 (file)
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -183,7 +183,7 @@ class SkinTemplate extends Skin {
                wfProfileOut( __METHOD__."-stuff" );
 
                wfProfileIn( __METHOD__."-stuff2" );
-               $tpl->set( 'title', $out->getPageTitle() );
+               $tpl->set( 'title', htmlspecialchars( $out->getPageTitle() ) );
                $tpl->set( 'pagetitle', $out->getHTMLTitle() );
                $tpl->set( 'displaytitle', $out->mPageLinkTitle );
                $tpl->set( 'pageclass', $this->getPageClasses( $this->mTitle ) );
Wiklou, le Wiki du Wiklou