Cripple the wiki text stuff for now. It doesn't SEEM dangerous but I haven't tested...

diff --git a/includes/ImageGallery.php b/includes/ImageGallery.php
index 86927c5..ccf2c14 100644 (file)
--- a/includes/ImageGallery.php
+++ b/includes/ImageGallery.php
@@ -43,7 +43,6 @@ class ImageGallery
        
        /**
         * Set the caption
-        * What's passed is used as HTML so don't do anything stupid
         *
         * @param $caption Caption
         */
@@ -140,7 +139,7 @@ class ImageGallery
 
                $s = '<table class="gallery" cellspacing="0" cellpadding="0">';
                if( $this->mCaption )
-                       $s .= '<td class="galleryheader" colspan="4"><big>' . $this->mCaption . '</big></td>';
+                       $s .= '<td class="galleryheader" colspan="4"><big>' . htmlspecialchars( $this->mCaption ) . '</big></td>';
                
                $i = 0;
                foreach ( $this->mImages as $pair ) {

diff --git a/includes/Parser.php b/includes/Parser.php
index 8baaf97..e6ebb46 100644 (file)
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -4125,7 +4125,7 @@ class Parser
                $ig->useSkin( $this->mOptions->getSkin() );
 
                if( isset( $params['caption'] ) )
-                       $ig->setCaption( $this->replaceInternalLinks( $params['caption'] ) );
+                       $ig->setCaption( $params['caption'] );
                
                $lines = explode( "\n", $text );
                foreach ( $lines as $line ) {