From: Brion Vibber <brion@users.mediawiki.org>
Date: Sat, 2 Oct 2004 20:30:04 +0000 (+0000)
Subject: * Fix for XHTML valid output
X-Git-Tag: 1.5.0alpha1~1688
X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=179e0509f1a21e6cdb8f9c907522fb7408d52916;p=lhc%2Fweb%2Fwiklou.git

* Fix for XHTML valid output
* Escape text to avoid HTML injection
---

diff --git a/extensions/UnicodeConverter.php b/extensions/UnicodeConverter.php
index cd1966a102..1012889cb9 100644
--- a/extensions/UnicodeConverter.php
+++ b/extensions/UnicodeConverter.php
@@ -23,20 +23,20 @@ class UnicodeConverter extends SpecialPage
 
 		$q = $wgRequest->getText( 'q' );
 		$encQ = htmlspecialchars( $q );
-		$action = $wgTitle->getLocalUrl();
-		$ok = wfMsg( "ok" );
+		$action = $wgTitle->escapeLocalUrl();
+		$ok = htmlspecialchars( wfMsg( "ok" ) );
 
-		$wgOut->addHTML( "
-<form name=ucf method=post action=\"$action\">
-<textarea rows=15 cols=80 name=q>
-$encQ
-</textarea><br />
-<input type=submit name=submit value=\"$ok\"><br /><br />
-</form>" );
+		$wgOut->addHTML( <<<END
+<form name="ucf" method="post" action="$action">
+<textarea rows="15" cols="80" name="q">$encQ</textarea><br />
+<input type="submit" name="submit" value="$ok" /><br /><br />
+</form>
+END
+);
 
 		if ( !is_null( $q ) ) {
-			$html = wfUtf8ToHTML( $q );
-			$wgOut->addHTML( "\n\n\n" . nl2br( $html ) . "\n<hr>\n" .
+			$html = wfUtf8ToHTML( htmlspecialchars( $q ) );
+			$wgOut->addHTML( "\n\n\n" . nl2br( $html ) . "\n<hr />\n" .
 			  nl2br( htmlspecialchars( $html ) ) . "\n\n" );
 		}
 	}