From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 14 Oct 2004 05:14:45 +0000 (+0000)
Subject: Escape input on a few error messages
X-Git-Tag: 1.5.0alpha1~1552
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=commitdiff_plain;h=43c81d2eece6f8aa24da8b7b8e4aebbccc3b19b6;p=lhc%2Fweb%2Fwiklou.git

Escape input on a few error messages
---

diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index d2085deb42..89eedcbe72 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -87,7 +87,7 @@ class LoginForm {
 		global $wgOut;
 		
 		if ('' == $this->mEmail) {
-			$this->mainLoginForm( wfMsg( 'noemail', $this->mName ) );
+			$this->mainLoginForm( wfMsg( 'noemail', htmlspecialchars( $this->mName ) ) );
 			return;
 		}
 
@@ -313,8 +313,8 @@ class LoginForm {
 		$m = wfMsg( 'passwordremindertext', $ip, $u->getName(), $np );
 
 		$error = userMailer( $u->getEmail(), $wgPasswordSender, wfMsg( 'passwordremindertitle' ), $m );
-		  
-		return $error;
+		
+		return htmlspecialchars( $error );
 	}
 
 
@@ -371,7 +371,7 @@ class LoginForm {
 		$mmp = wfMsg( 'mailmypassword' );
 		$endText = wfMsg( 'loginend' );
 
-		if ( $endText = '&lt;loginend&gt;' ) {
+		if ( $endText == '&lt;loginend&gt;' ) {
 			$endText = '';
 		}