From: Brion Vibber
Date: Mon, 22 Aug 2005 06:31:57 +0000 (+0000)
Subject: * (bug 3220) Fix escaping of block URLs in Recentchanges
X-Git-Tag: 1.6.0~1838
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=commitdiff_plain;h=efc3bcf6cab160cbf08c2dd1825e93ef32abf56f;p=lhc%2Fweb%2Fwiklou.git
* (bug 3220) Fix escaping of block URLs in Recentchanges
Username with & would be cut off in the resulting form. Also did some corrective escaping on username links for XML validation
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a841a478e1..988bf2481a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -43,6 +43,7 @@ Misc work going on.....
 * (bug 1956) Hide bot uploads from Special:Newimages
 * (bug 3216) Don't show empty warning page when no warnings.
 * (bug 3218) Use proper quoting on history Compare Revisions button
+* (bug 3220) Fix escaping of block URLs in Recentchanges
 === Caveats ===
diff --git a/includes/ChangesList.php b/includes/ChangesList.php
index 1b83947f44..62761e3b24 100644
--- a/includes/ChangesList.php
+++ b/includes/ChangesList.php
@@ -365,7 +365,7 @@ class ChangesList {
 $rc_user_text, 'target=' . $rc_user_text );
 } else {
 $userPage =& Title::makeTitle( NS_USER, $rc_user_text );
- $userLink = $this->skin->makeLinkObj( $userPage, $rc_user_text );
+ $userLink = $this->skin->makeLinkObj( $userPage, htmlspecialchars( $rc_user_text ) );
 }
 $s .= $userLink;
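Review bot: The first context line of the `@@ -365,7 +365,7 @@` hunk still passes `$rc_user_text` unescaped as link text and builds `'target=' . $rc_user_text` without URL-encoding, which is the same pattern this commit corrects for the block link in the next hunk. That call begins above the hunk, so its branch condition is not visible; if it is the anonymous-user branch the value is normally an IP address, but the output should not depend on that assumption holding for every stored row. For consistency with the else branch, the arguments could read `htmlspecialchars( $rc_user_text ), 'target=' . urlencode( $rc_user_text ) );`.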
@@ -376,14 +376,14 @@ class ChangesList {
 $userTalkLink = '';
 } else {
 $userTalkPage =& Title::makeTitle( NS_USER_TALK, $rc_user_text );
- $userTalkLink= $this->skin->makeLinkObj( $userTalkPage, $talkname );
+ $userTalkLink= $this->skin->makeLinkObj( $userTalkPage, htmlspecialchars( $talkname ) );
 }
 # Block link
 $blockLink='';
 if ( ( $wgSysopUserBans || 0 == $rc_user ) && $wgUser->isAllowed('block') ) {
 $blockLinkPage = Title::makeTitle( NS_SPECIAL, 'Blockip' );
 $blockLink = $this->skin->makeKnownLinkObj( $blockLinkPage,
- $message['blocklink'], 'ip='.$rc_user_text );
+ htmlspecialchars( $message['blocklink'] ), 'ip=' . urlencode( $rc_user_text ) );
 }
 if($blockLink) {
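Review bot: The escaping contract of `makeLinkObj` and `makeKnownLinkObj` is only implied by these call-site fixes, so nothing in the hunk tells the next editor that the caller must HTML-escape the text argument and URL-encode the query values. A one-line comment under `# Block link` would guard against regressions, for example `# Caller must htmlspecialchars() the link text and urlencode() query values`. It is also worth confirming that `$message['blocklink']` and `$talkname` are not already escaped where they are loaded, which is outside this hunk, because `htmlspecialchars()` would then double-encode any entities in them. The enclosing function starts and ends outside the hunk.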