From a0653f7dd059d245c82632a068fdcaa98ee3d04c Mon Sep 17 00:00:00 2001
From: umherirrender
Date: Tue, 27 Jan 2015 21:47:55 +0100
Subject: [PATCH] Fully escape return value from FileDuplicateSearchPage::formatResult

Also avoids unneeded recreation of a title object

Bug: T85864
Change-Id: I0298887e2ee5da9c1694393fb06cfa5eed0e46d3
---
 includes/specials/SpecialFileDuplicateSearch.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/includes/specials/SpecialFileDuplicateSearch.php b/includes/specials/SpecialFileDuplicateSearch.php
index 0ebbbc90b2..607b4f6f12 100644
--- a/includes/specials/SpecialFileDuplicateSearch.php
+++ b/includes/specials/SpecialFileDuplicateSearch.php
@@ -196,7 +196,7 @@ class FileDuplicateSearchPage extends QueryPage {
 *
 * @param Skin $skin
 * @param File $result
- * @return string
+ * @return string HTML
 */
 function formatResult( $skin, $result ) {
 global $wgContLang;
@@ -204,8 +204,8 @@ class FileDuplicateSearchPage extends QueryPage {
 $nt = $result->getTitle();
 $text = $wgContLang->convert( $nt->getText() );
 $plink = Linker::link(
- Title::newFromText( $nt->getPrefixedText() ),
- $text
+ $nt,
+ htmlspecialchars( $text )
 );

 $userText = $result->getUser( 'text' );
@@ -220,7 +220,8 @@ class FileDuplicateSearchPage extends QueryPage {
 $user = htmlspecialchars( $userText );
 }

- $time = $this->getLanguage()->userTimeAndDate( $result->getTimestamp(), $this->getUser() );
+ $time = htmlspecialchars( $this->getLanguage()->userTimeAndDate(
+ $result->getTimestamp(), $this->getUser() ) );

 return "$plink . . $user . . $time";
 }
--
2.20.1
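Review bot: Nothing at the `$plink` call in the second hunk says why the link text is now wrapped in `htmlspecialchars()`. The escape is needed because `Linker::link()` emits its second argument as raw HTML, so a later switch to a link helper that escapes on its own would double-encode the title. I would add `// Linker::link() outputs the link text as raw HTML, so escape it here` above the call. The escape runs after `$wgContLang->convert()`; if the converter is meant to return HTML rather than plain text the order would need revisiting, which cannot be determined from these lines. formatResult starts in the previous hunk and continues past this one.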
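Review bot: The string returned in the third hunk, `"$plink . . $user . . $time"`, is HTML, but the only assignment to `$user` visible here is `$user = htmlspecialchars( $userText );` at the close of a block. Any other assignment to `$user` sits between the hunks and is not touched by this patch, so the "fully escape" wording in the subject cannot be confirmed from these lines. That code should be checked to ensure it produces escaped HTML for `$userText` too. A one-line comment above the return, such as `// $plink, $user and $time are each HTML-escaped above`, would make the contract checkable when the function is next edited.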