From 74886b186c9012cc590a68d8321dc95d5572b9d6 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 11 Feb 2005 07:16:36 +0000
Subject: [PATCH] Kill a <font> tag, add html paranoia

---
 includes/SpecialLockdb.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/includes/SpecialLockdb.php b/includes/SpecialLockdb.php
index 1635aa4d57..db07f45822 100644
--- a/includes/SpecialLockdb.php
+++ b/includes/SpecialLockdb.php
@@ -46,11 +46,11 @@ class DBLockForm {
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
-			$wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
+			$wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
 		}
-		$lc = wfMsg( "lockconfirm" );
-		$lb = wfMsg( "lockbtn" );
-		$elr = wfMsg( "enterlockreason" );
+		$lc = htmlspecialchars( wfMsg( "lockconfirm" ) );
+		$lb = htmlspecialchars( wfMsg( "lockbtn" ) );
+		$elr = htmlspecialchars( wfMsg( "enterlockreason" ) );
 		$titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
 		$action = $titleObj->escapeLocalURL( "action=submit" );
 
-- 
2.20.1