sanitize outgoing messages

author Neil Kandalgaonkar <neilk@users.mediawiki.org>

Thu, 26 Jan 2012 02:15:04 +0000 (02:15 +0000)

committer Neil Kandalgaonkar <neilk@users.mediawiki.org>

Thu, 26 Jan 2012 02:15:04 +0000 (02:15 +0000)
author Neil Kandalgaonkar <neilk@users.mediawiki.org>
Thu, 26 Jan 2012 02:15:04 +0000 (02:15 +0000)
committer Neil Kandalgaonkar <neilk@users.mediawiki.org>
Thu, 26 Jan 2012 02:15:04 +0000 (02:15 +0000)
diff --git a/includes/MessageBlobStore.php b/includes/MessageBlobStore.php

index be6b27c..f3fc4d3 100644 (file)
--- a/includes/MessageBlobStore.php
+++ b/includes/MessageBlobStore.php
@@ -350,7 +350,12 @@ class MessageBlobStore {
                 $messages = array();
  
                 foreach ( $module->getMessages() as $key ) {
-                       $messages[$key] = wfMsgExt( $key, array( 'language' => $lang ) );
+                       $messages[$key] =
+                               Sanitizer::normalizeCharReferences(
+                                       Sanitizer::removeHTMLtags(
+                                               wfMsgExt( $key, array( 'language' => $lang ) )
+                                       )
+                               );
                 }
  
                 return FormatJson::encode( (object)$messages );
author	Neil Kandalgaonkar <neilk@users.mediawiki.org>
	Thu, 26 Jan 2012 02:15:04 +0000 (02:15 +0000)
committer	Neil Kandalgaonkar <neilk@users.mediawiki.org>
	Thu, 26 Jan 2012 02:15:04 +0000 (02:15 +0000)