From b06d890e0a62168f05dc6af8f53e0f496dea07d5 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Sun, 2 Apr 2006 04:09:42 +0000
Subject: [PATCH] Live fix: escape <, >, and " chars that sneak into tables, etc due to parser ordering bugs
---
 includes/Sanitizer.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 45f7a49d5d..37b2389308 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -577,6 +577,9 @@ class Sanitizer {
 # Templates and links may be expanded in later parsing,
 # creating invalid or dangerous output. Suppress this.
 $value = strtr( $value, array(
+ '<' => '<', // This should never happen,
+ '>' => '>', // we've received invalid input
+ '"' => '"', // which should have been escaped.
 '{' => '{',
 '[' => '[',
 "''" => '''',
-- 
2.20.1
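Review bot: The three added entries silently repair input that their own comments say "should never happen", so the parser-ordering bug named in the subject line becomes invisible once this is live; a debug log entry when a raw `<`, `>` or `"` is actually present in `$value` would let the upstream cause be traced and fixed instead of only masked. As rendered on this page each added key maps to itself (`'<' => '<'`), which would be a no-op; presumably the replacement values are the corresponding HTML entities and were decoded during page extraction, so verify against the repository before relying on this listing. The sentence split across the three trailing comments would read better as a single line above the entries, e.g. `# Defence in depth: raw <, > or " must not reach the output; earlier stages should already have escaped them.` The enclosing method starts and ends outside the hunk, so how `$value` is quoted when it is emitted, and whether `'` would also need a mapping, cannot be confirmed from here.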