* (bug 5152) Proper HTML escaping on subpage breadcrumbs

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8c2c531..06e0502 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -675,6 +675,8 @@ fully support the editing toolbar, but was found to be too confusing.
   with an empty main textbox (user probably hit Enter in subject field)
 * (bug 5141) Gracefully handle the new account link when createaccount off
 * (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
+* (bug 5152) Proper HTML escaping on subpage breadcrumbs
+
 
 === Caveats ===
 

diff --git a/includes/Skin.php b/includes/Skin.php
index 3b55ec9..4b506fe 100644 (file)
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -697,7 +697,7 @@ END;
                                        $c++;
                                        if ($c<count($links)) {
                                                $growinglink .= $link;
-                                               $getlink = $this->makeLink( $growinglink, $link );
+                                               $getlink = $this->makeLink( $growinglink, htmlspecialchars( $link ) );
                                                if(preg_match('/class="new"/i',$getlink)) { break; } # this is a hack, but it saves time
                                                if ($c>1) {
                                                        $subpages .= ' | ';