From 0fa4b1f3852477b35b6ce69d1511dde7300ae73e Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 14 Oct 2004 06:52:42 +0000
Subject: [PATCH] escape html output

---
 includes/SpecialImagelist.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/SpecialImagelist.php b/includes/SpecialImagelist.php
index af2df34c34..cc42ad45cf 100644
--- a/includes/SpecialImagelist.php
+++ b/includes/SpecialImagelist.php
@@ -113,8 +113,8 @@ function wfSpecialImagelist() {
 		else { $ul = $sk->makeLink( $wgContLang->getNsText(
 		  Namespace::getUser() ) . ":{$ut}", $ut ); }
 
-		$ilink = "<a href=\"" . Image::wfImageUrl( $name ) .
-		  "\">{$name}</a>";
+		$ilink = "<a href=\"" . htmlspecialchars( Image::wfImageUrl( $name ) ) .
+		  "\">" . htmlspecialchars( $name ) . "</a>";
 
 		$nb = wfMsg( "nbytes", $wgLang->formatNum( $s->img_size ) );
 		$l = "(" .
@@ -124,7 +124,7 @@ function wfSpecialImagelist() {
 		  $wgLang->timeanddate( $s->img_timestamp, true );
 
 		if ( "" != $s->img_description ) {
-			$l .= " <em>({$s->img_description})</em>";
+			$l .= ' <i>(' . $sk->formatComment( $s->img_description ) . ')</i>';
 		}
 		$wgOut->addHTML( "{$l}<br />\n" );
 	}
-- 
2.20.1