From: Tim Starling Date: Sat, 14 May 2005 05:42:29 +0000 (+0000) Subject: fixed potential XSS vulnerability X-Git-Tag: 1.5.0alpha2~207 X-Git-Url: http://git.cyclocoop.org//%27http:/code.google.com/p/ie7-js//%27?a=commitdiff_plain;h=4b390e9c9b77ea8c5d2244747a6e233b13a595fd;p=lhc%2Fweb%2Fwiklou.git fixed potential XSS vulnerability
---
diff --git a/includes/MessageCache.php b/includes/MessageCache.php
index 8af4484f91..6d4b7881cf 100755
--- a/includes/MessageCache.php
+++ b/includes/MessageCache.php
@@ -234,7 +234,7 @@ class MessageCache
 }
 # If uninitialised, someone is trying to call this halfway through Setup.php
 if( !$this->mInitialised ) {
- return "<$key>";
+ return '<' . htmlspecialchars($key) . '>';
 }
 # If cache initialization was deferred, start it now.
 if( $this->mDeferred ) {
@@ -277,7 +277,7 @@ class MessageCache
 # Final fallback
 if( !$message ) {
- $message = "<$key>";
+ return '<' . htmlspecialchars($key) . '>';
 }
 # Replace brace tags
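Review bot: The angle brackets around the key are still emitted raw in the new `return '<' . htmlspecialchars($key) . '>';`, so the escaped key lands where a browser parses a tag name and attributes. `htmlspecialchars()` neutralises `<`, `>`, `&` and double quotes, but not the spaces or `=` that separate a tag name from its attributes, so escaping only the inner part does not fully close the hole. If these return values reach HTML output unescaped (the commit subject suggests so; the callers are outside the hunk), escape the whole placeholder instead: `return htmlspecialchars( "<$key>" );`, which renders as visible `&lt;key&gt;` text. The same applies to the `# Final fallback` return in the second hunk.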
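Review bot: The `# Final fallback` branch in the second hunk now returns instead of assigning `$message`, so an unknown key skips the `# Replace brace tags` step and everything after it in the function. That is probably intended, since running substitution over an escaped placeholder has no value, but it is a behaviour change beyond the escaping itself and deserves a comment, e.g. `# Unknown key: return the escaped placeholder directly, skipping brace-tag replacement`. The rest of the function lies outside the hunk, so confirm that no later step is still needed for the fallback value.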