From dc9a0d3de09258cd99151fdeabeff18a2bc69954 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 14 Oct 2004 05:30:30 +0000
Subject: [PATCH] Escape HTML output

---
 includes/SpecialUnusedimages.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/includes/SpecialUnusedimages.php b/includes/SpecialUnusedimages.php
index 60a6e18b28..574899b7bd 100644
--- a/includes/SpecialUnusedimages.php
+++ b/includes/SpecialUnusedimages.php
@@ -32,21 +32,21 @@ class UnusedimagesPage extends QueryPage {
 	function formatResult( $skin, $result ) {
 		global $wgLang, $wgContLang;
 		$title = Title::makeTitle( NS_IMAGE, $result->title );
-		$ins = $wgContLang->getNsText(NS_IMAGE);
 		
+		$imageUrl = htmlspecialchars( Image::wfImageUrl( $result->title ) );
 		$return =
 		# The 'desc' linking to the image page
-		'('.$skin->makeKnownLink( $ins.':'.$result->title, wfMsg('imgdesc') ).') '
+		'('.$skin->makeKnownLinkObj( $title, wfMsg('imgdesc') ).') '
 		# Link to the image itself
-		. '<a href="'.Image::wfImageUrl($title->getText()).'">'.$title->getText().'</a>'
+		. '<a href="' . $imageUrl . '">' . htmlspecialchars( $title->getText() ) . '</a>'
 		# Last modified date
 		. ' . . '.$wgLang->timeanddate($result->value)
 		# Link to username
-		. ' . . '.$skin->makeLink($wgContLang->getNsText(NS_USER).':'.$result->img_user_text,$result->img_user_text);
+		. ' . . '.$skin->makeLinkObj( Title::makeTitle( NS_USER, $result->img_user_text ), $result->img_user_text);
 		
 		# If there is a description, show it
 		if($result->img_description != '') {
-			$return .= ' <em>('.$result->img_description.')</em>';
+			$return .= ' <i>(' . $skin->formatComment( $result->img_description ) . ')</i>';
 		}
 		return $return;
 	}
-- 
2.20.1