From 945ec69dfd50c01be96d922fff3abc797ecab075 Mon Sep 17 00:00:00 2001
From: Rob Church <robchurch@users.mediawiki.org>
Date: Sat, 24 Jun 2006 03:13:57 +0000
Subject: [PATCH] Fix injection/cross-site scripting issue (report from Nick
 Jenkins)

---
 includes/SpecialIpblocklist.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/SpecialIpblocklist.php b/includes/SpecialIpblocklist.php
index 97ace8d2fe..cc5c805c09 100644
--- a/includes/SpecialIpblocklist.php
+++ b/includes/SpecialIpblocklist.php
@@ -18,7 +18,7 @@ function wfSpecialIpblocklist() {
 	$ipu = new IPUnblockForm( $ip, $reason );
 
 	if ( "success" == $action ) {
-		$ipu->showList( wfMsgWikiHtml( 'unblocked', $ip ) );
+		$ipu->showList( wfMsgWikiHtml( 'unblocked', htmlspecialchars( $ip ) ) );
 	} else if ( "submit" == $action && $wgRequest->wasPosted() &&
 		$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
 		if ( ! $wgUser->isAllowed('block') ) {
-- 
2.20.1