X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=blobdiff_plain;f=thumb.php;h=02ac0b024dcd580e8030f1863cad7ebee407cc46;hb=8f1341e12f72d6537feac1c2ba654bb6b1574d29;hp=d97f8e8eacd461c971ca88ebb5610d077ba25b83;hpb=17eba67ef329fb8f444f681e6ff515d1919376cb;p=lhc%2Fweb%2Fwiklou.git

diff --git a/thumb.php b/thumb.php
index d97f8e8eac..02ac0b024d 100644
--- a/thumb.php
+++ b/thumb.php
@@ -530,15 +530,6 @@ function wfExtractThumbParams( $file, $params ) {
 	$thumbname = $params['thumbName'];
 	unset( $params['thumbName'] );
 
-	// Do the hook first for older extensions that rely on it.
-	if ( !Hooks::run( 'ExtractThumbParameters', [ $thumbname, &$params ] ) ) {
-		// Check hooks if parameters can be extracted
-		// Hooks return false if they manage to *resolve* the parameters
-		// This hook should be considered deprecated
-		wfDeprecated( 'ExtractThumbParameters', '1.22' );
-		return $params; // valid thumbnail URL (via extension or config)
-	}
-
 	// FIXME: Files in the temp zone don't set a MIME type, which means
 	// they don't have a handler. Which means we can't parse the param
 	// string. However, not a big issue as what good is a param string
@@ -581,7 +572,7 @@ function wfExtractThumbParams( $file, $params ) {
  * @return void
  */
 function wfThumbErrorText( $status, $msgText ) {
-	wfThumbError( $status, htmlspecialchars( $msgText ) );
+	wfThumbError( $status, htmlspecialchars( $msgText, ENT_NOQUOTES ) );
 }
 
 /**
@@ -611,9 +602,10 @@ function wfThumbError( $status, $msgHtml, $msgText = null, $context = [] ) {
 	if ( $wgShowHostnames ) {
 		header( 'X-MW-Thumbnail-Renderer: ' . wfHostname() );
 		$url = htmlspecialchars(
-			isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : ''
+			isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
+			ENT_NOQUOTES
 		);
-		$hostname = htmlspecialchars( wfHostname() );
+		$hostname = htmlspecialchars( wfHostname(), ENT_NOQUOTES );
 		$debug = "<!-- $url -->\n<!-- $hostname -->\n";
 	} else {
 		$debug = '';