From 4b390e9c9b77ea8c5d2244747a6e233b13a595fd Mon Sep 17 00:00:00 2001
From: Tim Starling
Date: Sat, 14 May 2005 05:42:29 +0000
Subject: [PATCH] fixed potential XSS vulnerability
---
 includes/MessageCache.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/MessageCache.php b/includes/MessageCache.php
index 8af4484f91..6d4b7881cf 100755
--- a/includes/MessageCache.php
+++ b/includes/MessageCache.php
@@ -234,7 +234,7 @@ class MessageCache
 }
 # If uninitialised, someone is trying to call this halfway through Setup.php
 if( !$this->mInitialised ) {
- return "<$key>";
+ return '<' . htmlspecialchars($key) . '>';
 }
 # If cache initialization was deferred, start it now.
 if( $this->mDeferred ) {
@@ -277,7 +277,7 @@ class MessageCache
 # Final fallback
 if( !$message ) {
- $message = "<$key>";
+ return '<' . htmlspecialchars($key) . '>';
 }
 # Replace brace tags
--
2.20.1
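Review bot: The literal `<` and `>` around the key are still emitted unescaped in `return '<' . htmlspecialchars($key) . '>';`, so if this return value reaches HTML output the key sits inside a live tag context, where `htmlspecialchars()` does not neutralise tag names, spaces or attribute syntax. Escaping the delimiters as well keeps the placeholder inert and visible to the reader: `return '&lt;' . htmlspecialchars( $key ) . '&gt;';`. The same applies to the final-fallback return in the second hunk (-277,7). Whether callers emit this value as raw HTML or pass it through the parser is not visible here, and the enclosing method starts and ends outside the hunk.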
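Review bot: Replacing the assignment with `return` in the final fallback means the method now exits before the `# Replace brace tags` step and anything after it, which is a behaviour change beyond the escaping and is not explained. If that is intended, so that the escaped placeholder is never run through later transformations, a comment would record it: `# Return immediately: the escaped placeholder must not go through brace-tag replacement below`. The code after the hunk is not visible, so it is worth confirming that no caller relied on the fallback being post-processed.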