title escaping

diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index 27ff210..0447307 100644 (file)
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -114,8 +114,8 @@ class PageHistory {
                global $wgTitle;
                $this->lastdate = $this->lastline = "";
                $s = "\n<p>" . wfMsg( "histlegend" ).'</p>'; 
-               $s .="\n<form action=\"" . $wgTitle->getFullURL("-") . "\" method=\"get\">";
-               $s .= "<input type=\"hidden\" name=\"title\" value=\"".htmlspecialchars($wgTitle->getPrefixedDbKey())."\"/>\n";
+               $s .="\n<form action=\"" . $wgTitle->getFullURL("") . "\" method=\"get\">";
+               $s .= "<input type=\"hidden\" name=\"title\" value=\"".wfEscapeHTML($wgTitle->getPrefixedDbKey())."\"/>\n";
                $s .= !empty($this->submitbuttonhtml) ? $this->submitbuttonhtml."\n":'';
                $s .= "" . "\n<ul id=\"pagehistory\" >";
                return $s;