Merge "SpecialActiveUsers: escape group names"

author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>

Fri, 2 Dec 2016 06:09:37 +0000 (06:09 +0000)

committer Gerrit Code Review <gerrit@wikimedia.org>

Fri, 2 Dec 2016 06:09:37 +0000 (06:09 +0000)
author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Fri, 2 Dec 2016 06:09:37 +0000 (06:09 +0000)
committer Gerrit Code Review <gerrit@wikimedia.org>
Fri, 2 Dec 2016 06:09:37 +0000 (06:09 +0000)
diff --git a/includes/specials/SpecialActiveusers.php b/includes/specials/SpecialActiveusers.php

index 7e29be0..a01e9b2 100644 (file)
--- a/includes/specials/SpecialActiveusers.php
+++ b/includes/specials/SpecialActiveusers.php
@@ -86,7 +86,7 @@ class SpecialActiveUsers extends SpecialPage {
                 $groups = User::getAllGroups();
  
                 foreach ( $groups as $group ) {
-                       $msg = User::getGroupName( $group );
+                       $msg = htmlspecialchars( User::getGroupName( $group ) );
                         $options[$msg] = $group;
                 }
author	jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
	Fri, 2 Dec 2016 06:09:37 +0000 (06:09 +0000)
committer	Gerrit Code Review <gerrit@wikimedia.org>
	Fri, 2 Dec 2016 06:09:37 +0000 (06:09 +0000)