Fix injection/cross-site scripting issue (report from Nick Jenkins)
authorRob Church <robchurch@users.mediawiki.org>
Sat, 24 Jun 2006 03:13:57 +0000 (03:13 +0000)
committerRob Church <robchurch@users.mediawiki.org>
Sat, 24 Jun 2006 03:13:57 +0000 (03:13 +0000)
includes/SpecialIpblocklist.php

index 97ace8d..cc5c805 100644 (file)
@@ -18,7 +18,7 @@ function wfSpecialIpblocklist() {
        $ipu = new IPUnblockForm( $ip, $reason );
 
        if ( "success" == $action ) {
-               $ipu->showList( wfMsgWikiHtml( 'unblocked', $ip ) );
+               $ipu->showList( wfMsgWikiHtml( 'unblocked', htmlspecialchars( $ip ) ) );
        } else if ( "submit" == $action && $wgRequest->wasPosted() &&
                $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
                if ( ! $wgUser->isAllowed('block') ) {
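Review bot: The escaping is applied only at the `showList()` call in the "success" branch, while the same `$ip` (and `$reason`) is passed unescaped to `new IPUnblockForm( $ip, $reason )` a few lines earlier; any other place where that class prints these values needs its own escaping, and that code is outside the hunk and should be checked. The fix also depends on `wfMsgWikiHtml()` substituting its parameters into already-rendered HTML, which is presumably the case but is not visible here. A short comment above the call would keep a later edit from dropping it: `// $ip is request-supplied and ends up in HTML output; escape before substitution`. Validating `$ip` as an address or user name at the point where it is read from the request would add a second layer. The body of `wfSpecialIpblocklist()` starts and ends outside the hunk.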