dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
d5064f7
)
Live fix: escape <, >, and " chars that sneak into tables, etc due to parser ordering...
author
Brion Vibber
<brion@users.mediawiki.org>
Sun, 2 Apr 2006 04:09:42 +0000
(
04:09
+0000)
committer
Brion Vibber
<brion@users.mediawiki.org>
Sun, 2 Apr 2006 04:09:42 +0000
(
04:09
+0000)
includes/Sanitizer.php
patch
|
blob
|
history
diff --git
a/includes/Sanitizer.php
b/includes/Sanitizer.php
index
45f7a49
..
37b2389
100644
(file)
--- a/
includes/Sanitizer.php
+++ b/
includes/Sanitizer.php
@@
-577,6
+577,9
@@
class Sanitizer {
# Templates and links may be expanded in later parsing,
# creating invalid or dangerous output. Suppress this.
$value = strtr( $value, array(
+ '<' => '<', // This should never happen,
+ '>' => '>', // we've received invalid input
+ '"' => '"', // which should have been escaped.
'{' => '{',
'[' => '[',
"''" => '''',