From: Brion Vibber
Date: Thu, 25 Aug 2005 04:31:46 +0000 (+0000)
Subject: More HTML validation checks on page subtitle. Not exploitable, but could create valid...
X-Git-Tag: 1.6.0~1810
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/fiche.php?a=commitdiff_plain;h=de595c3eed54da21b45b928528a390641465efe7;p=lhc%2Fweb%2Fwiklou.git
More HTML validation checks on page subtitle. Not exploitable, but could create validation errors.
---
diff --git a/includes/SpecialRecentchangeslinked.php b/includes/SpecialRecentchangeslinked.php
index cdeb225b40..08ca2dc383 100644
--- a/includes/SpecialRecentchangeslinked.php
+++ b/includes/SpecialRecentchangeslinked.php
@@ -36,7 +36,7 @@ function wfSpecialRecentchangeslinked( $par = NULL ) {
 }
 $id = $nt->getArticleId();
- $wgOut->setSubtitle( wfMsg( 'rclsub', $nt->getPrefixedText() ) );
+ $wgOut->setSubtitle( htmlspecialchars( wfMsg( 'rclsub', $nt->getPrefixedText() ) ) );
 if ( ! $days ) {
 $days = $wgUser->getOption( 'rcdays' );
diff --git a/includes/SpecialWatchlist.php b/includes/SpecialWatchlist.php
index a90f1492f1..c0accdaaae 100644
--- a/includes/SpecialWatchlist.php
+++ b/includes/SpecialWatchlist.php
@@ -22,7 +22,7 @@ function wfSpecialWatchlist( $par ) {
 $fname = 'wfSpecialWatchlist';
 $wgOut->setPagetitle( wfMsg( 'watchlist' ) );
- $sub = wfMsg( 'watchlistsub', $wgUser->getName() );
+ $sub = htmlspecialchars( wfMsg( 'watchlistsub', $wgUser->getName() ) );
 $wgOut->setSubtitle( $sub );
 $wgOut->setRobotpolicy( 'noindex,nofollow' );
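Review bot: The added `htmlspecialchars()` in `wfSpecialRecentchangeslinked` wraps the whole `wfMsg( 'rclsub', ... )` result rather than only the title parameter, so the message text itself is now treated as plain text and any entity or markup a site has put into `rclsub` will be shown literally; the same holds for `watchlistsub` in the SpecialWatchlist.php hunk. Escaping the rendered message is the safer choice, but nothing on the new lines records that `setSubtitle()` is presumably given HTML and does no escaping of its own. I would put a comment above each call, for example `// Subtitle is emitted as HTML: escape the rendered message, parameter included`, so a later edit neither drops the escape nor applies it twice. With its default flags `htmlspecialchars()` leaves single quotes unescaped, which is fine only while the subtitle is written as element content, and that is not visible from here. Both functions start and end outside their hunks.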