From dbbc637a52ff2c9dd37bfbf3f1d132fa01271446 Mon Sep 17 00:00:00 2001 From: Aryeh Gregor Date: Mon, 24 Sep 2007 12:54:00 +0000 Subject: [PATCH] Actually, Sanitizer::encodeAttribute() was broken, so my last fix didn't actually work, there was still HTML injection. Fixed it so it encodes single quotes too. The only other things in core that used it (or its friend safeEncodeAttribute) appear to be utility functions in Xml and Sanitizer::fixTagAttributes, all of which use double quotes. However, it's possible that the SemanticForms extension may be affected -- I didn't look closely, but it seems to safely use double-quotes. --- includes/Sanitizer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index f2dcbf94e1..c1c8daf37a 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -725,7 +725,7 @@ class Sanitizer { * @return HTML-encoded text fragment */ static function encodeAttribute( $text ) { - $encValue = htmlspecialchars( $text ); + $encValue = htmlspecialchars( $text, ENT_QUOTES ); // Whitespace is normalized during attribute decoding, // so if we've been passed non-spaces we must encode them -- 2.20.1
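Review bot: the hunk only changes encodeAttribute(), but the commit message names safeEncodeAttribute() as its "friend" without showing whether that function routes through encodeAttribute() or calls htmlspecialchars() on its own; if it is the latter, it needs the same ENT_QUOTES flag, since the default flags leave the single quote unencoded and any caller building a single-quoted attribute stays injectable. The docblock fragment visible in the context (`* @return HTML-encoded text fragment`) should also state that both quote characters are now encoded, so callers know the output is safe in single-quoted as well as double-quoted attributes, and a regression test passing a value containing `'` through encodeAttribute() and asserting it comes back as `&#039;` would lock in the fix the message says was missing the first time.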