Escape input on a few error messages
authorBrion Vibber <brion@users.mediawiki.org>
Thu, 14 Oct 2004 05:14:45 +0000 (05:14 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Thu, 14 Oct 2004 05:14:45 +0000 (05:14 +0000)
includes/SpecialUserlogin.php

index d2085de..89eedcb 100644 (file)
@@ -87,7 +87,7 @@ class LoginForm {
                global $wgOut;
                
                if ('' == $this->mEmail) {
-                       $this->mainLoginForm( wfMsg( 'noemail', $this->mName ) );
+                       $this->mainLoginForm( wfMsg( 'noemail', htmlspecialchars( $this->mName ) ) );
                        return;
                }
 
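Review bot: The escaping on the `noemail` branch is applied at this one call site with the default flags of `htmlspecialchars()`, which leave single quotes unescaped. That is sufficient only if the message lands in element content, and how `mainLoginForm()` emits its argument is outside this hunk. If it outputs the string as raw HTML, as this change implies, record that at the call, e.g. `// mainLoginForm() outputs its argument as HTML; escape every user-supplied message parameter`, and pass `ENT_QUOTES` if the text can reach a quoted attribute. Any other call in the class that feeds `$this->mName` into a message for `mainLoginForm()` would need the same treatment, though none is visible here. The enclosing method starts and ends outside the hunk.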
@@ -313,8 +313,8 @@ class LoginForm {
                $m = wfMsg( 'passwordremindertext', $ip, $u->getName(), $np );
 
                $error = userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( 'passwordremindertitle' ), $m );
-                 
-               return $error;
+               
+               return htmlspecialchars( $error );
        }
 
 
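Review bot: Escaping inside the `return` changes what this function hands back: callers now receive HTML text rather than the raw result of `userMailer()`. Any caller that escapes it again, logs it, or compares it with a plain string will see entity-encoded output. A comment above the return would make the contract explicit, e.g. `// Returned error text is already HTML-escaped; output as-is, do not escape again`. The change also assumes `userMailer()` returns a string (presumably empty on success); if it can return another type, `htmlspecialchars()` will coerce it, which is worth confirming. The function's signature and its callers are outside the hunk.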
@@ -371,7 +371,7 @@ class LoginForm {
                $mmp = wfMsg( 'mailmypassword' );
                $endText = wfMsg( 'loginend' );
 
-               if ( $endText = '&lt;loginend&gt;' ) {
+               if ( $endText == '&lt;loginend&gt;' ) {
                        $endText = '';
                }