From: River Tarnell <kateturner@users.mediawiki.org>
Date: Thu, 14 Oct 2004 04:50:14 +0000 (+0000)
Subject: fix potential xss attack
X-Git-Tag: 1.5.0alpha1~1556
X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=7a24bea2e7b80ce097efeb53a551c9cd24dba58b;p=lhc%2Fweb%2Fwiklou.git

fix potential xss attack
---

diff --git a/includes/Article.php b/includes/Article.php
index 3204b74354..c71338a29e 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1867,7 +1867,7 @@ class Article {
 		$newcomment = wfMsg( 'revertpage', $s->old_user_text, $from );
 		$wgOut->setPagetitle( wfMsg( 'actioncomplete' ) );
 		$wgOut->setRobotpolicy( 'noindex,nofollow' );
-		$wgOut->addHTML( '<h2>' . $newcomment . "</h2>\n<hr />\n" );
+		$wgOut->addHTML( '<h2>' . htmlspecialchars( $newcomment ) . "</h2>\n<hr />\n" );
 		$this->updateArticle( Article::getRevisionText( $s ), $newcomment, 1, $this->mTitle->userIsWatching(), $bot );
 		Article::onArticleEdit( $this->mTitle );
 		$wgOut->returnToMain( false );