From d2ac7399cce5e88d0b6e5118da249d47018d5eab Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Tue, 10 Aug 2004 11:24:24 +0000
Subject: [PATCH] tweaking escaping of external links

---
 includes/Parser.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/Parser.php b/includes/Parser.php
index 9e0f305c9e..3c539f0598 100644
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -1177,6 +1177,9 @@ class Parser
 					$url = substr( $url, 0, -$numSepChars );
 				}
 
+				# Replace &amp; from obsolete syntax with &
+				$url = str_replace( '&amp;', '&', $url );
+
 				# Is this an external image?
 				$text = $this->maybeMakeImageLink( $url );
 				if ( $text === false ) {
@@ -1197,7 +1200,7 @@ class Parser
 		if ( $this->mOptions->getAllowExternalImages() ) {
 			if ( preg_match( EXT_IMAGE_REGEX, $url ) ) {
 				# Image found
-				$text = $sk->makeImage( $url );
+				$text = $sk->makeImage( htmlspecialchars( $url ) );
 			}
 		}
 		return $text;
-- 
2.20.1