From de595c3eed54da21b45b928528a390641465efe7 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 25 Aug 2005 04:31:46 +0000
Subject: [PATCH] More HTML validation checks on page subtitle. Not
 exploitable, but could create validation errors.

---
 includes/SpecialRecentchangeslinked.php | 2 +-
 includes/SpecialWatchlist.php           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/SpecialRecentchangeslinked.php b/includes/SpecialRecentchangeslinked.php
index cdeb225b40..08ca2dc383 100644
--- a/includes/SpecialRecentchangeslinked.php
+++ b/includes/SpecialRecentchangeslinked.php
@@ -36,7 +36,7 @@ function wfSpecialRecentchangeslinked( $par = NULL ) {
 	}
 	$id = $nt->getArticleId();
 	
-	$wgOut->setSubtitle( wfMsg( 'rclsub', $nt->getPrefixedText() ) );
+	$wgOut->setSubtitle( htmlspecialchars( wfMsg( 'rclsub', $nt->getPrefixedText() ) ) );
 
 	if ( ! $days ) {
 		$days = $wgUser->getOption( 'rcdays' );
diff --git a/includes/SpecialWatchlist.php b/includes/SpecialWatchlist.php
index a90f1492f1..c0accdaaae 100644
--- a/includes/SpecialWatchlist.php
+++ b/includes/SpecialWatchlist.php
@@ -22,7 +22,7 @@ function wfSpecialWatchlist( $par ) {
 	$fname = 'wfSpecialWatchlist';
 
 	$wgOut->setPagetitle( wfMsg( 'watchlist' ) );
-	$sub = wfMsg( 'watchlistsub', $wgUser->getName() );
+	$sub = htmlspecialchars( wfMsg( 'watchlistsub', $wgUser->getName() ) );
 	$wgOut->setSubtitle( $sub );
 	$wgOut->setRobotpolicy( 'noindex,nofollow' );
 
-- 
2.20.1