From: River Tarnell <kateturner@users.mediawiki.org>
Date: Thu, 14 Oct 2004 04:15:29 +0000 (+0000)
Subject: fix xss attack
X-Git-Tag: 1.5.0alpha1~1559
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=commitdiff_plain;h=242c0eb3664b9a449fbca1740da5642affc03415;p=lhc%2Fweb%2Fwiklou.git

fix xss attack
---

diff --git a/includes/ImagePage.php b/includes/ImagePage.php
index f375c7fd62..6eda49159d 100644
--- a/includes/ImagePage.php
+++ b/includes/ImagePage.php
@@ -76,7 +76,7 @@ class ImagePage extends Article {
 				}
 				$s = "<div class=\"fullImageLink\">" . $anchoropen .
 				     "<img border=\"0\" src=\"{$url}\" width=\"{$width}\" height=\"{$height}\" alt=\"" .
-				     $wgRequest->getVal( 'image' )."\" />" . $anchorclose . "</div>";
+				     htmlspecialchars( $wgRequest->getVal( 'image' ) )."\" />" . $anchorclose . "</div>";
 			} else {
 				$s = "<div class=\"fullMedia\">".$sk->makeMediaLink($this->img->getName(),"")."</div>";
 			}