More HTML validation checks on page subtitle. Not exploitable, but could create valid...
authorBrion Vibber <brion@users.mediawiki.org>
Thu, 25 Aug 2005 04:31:46 +0000 (04:31 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Thu, 25 Aug 2005 04:31:46 +0000 (04:31 +0000)
includes/SpecialRecentchangeslinked.php
includes/SpecialWatchlist.php

index cdeb225..08ca2dc 100644 (file)
@@ -36,7 +36,7 @@ function wfSpecialRecentchangeslinked( $par = NULL ) {
        }
        $id = $nt->getArticleId();
        
-       $wgOut->setSubtitle( wfMsg( 'rclsub', $nt->getPrefixedText() ) );
+       $wgOut->setSubtitle( htmlspecialchars( wfMsg( 'rclsub', $nt->getPrefixedText() ) ) );
 
        if ( ! $days ) {
                $days = $wgUser->getOption( 'rcdays' );
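Review bot: The `htmlspecialchars()` call on the `setSubtitle()` line wraps the whole rendered `rclsub` message rather than only `$nt->getPrefixedText()`, so any markup the message text itself carries will now appear as literal characters in the subtitle. If the message is meant to be plain text, this is the safer choice, and since `setSubtitle()` appears to emit its argument unescaped, a one-line comment would record the contract: `// setSubtitle() takes HTML; message and title text are escaped together here`. If markup in the message has to survive, escape only the parameter instead: `wfMsg( 'rclsub', htmlspecialchars( $nt->getPrefixedText() ) )`. The same applies to the `watchlistsub` line in includes/SpecialWatchlist.php, and both enclosing functions continue outside their hunks.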
index a90f149..c0accda 100644 (file)
@@ -22,7 +22,7 @@ function wfSpecialWatchlist( $par ) {
        $fname = 'wfSpecialWatchlist';
 
        $wgOut->setPagetitle( wfMsg( 'watchlist' ) );
-       $sub = wfMsg( 'watchlistsub', $wgUser->getName() );
+       $sub = htmlspecialchars( wfMsg( 'watchlistsub', $wgUser->getName() ) );
        $wgOut->setSubtitle( $sub );
        $wgOut->setRobotpolicy( 'noindex,nofollow' );