Alteration of security fix to make it very slightly less ugly

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 91959f4..25f67bb 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -667,5 +667,12 @@ function wfQuotedPrintable( $string, $charset = "" )
        return $out;
 }
 
+# Changes the first character to an HTML entity
+function wfHtmlEscapeFirst( $text ) {
+       $ord = ord($text);
+       $newText = substr($text, 1);
+       return "&#$ord;$newText";
+}
+
 
 ?>

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 70ea4f2..6b8aec6 100644 (file)
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -142,9 +142,9 @@ class OutputPage {
                $stripped3 = "";
                
                # Replace any instances of the placeholders
-               $text = str_replace( $unique, '$unique', $text );
-               $text = str_replace( $unique2, '$unique2', $text );
-               $text = str_replace( $unique3, '$unique3', $text );
+               $text = str_replace( $unique, wfHtmlEscapeFirst( $unique ), $text );
+               $text = str_replace( $unique2, wfHtmlEscapeFirst( $unique2 ), $text );
+               $text = str_replace( $unique3, wfHtmlEscapeFirst( $unique3 ), $text );
                
                global $wgEnableParserCache;
                $use_parser_cache =