From: River Tarnell <kateturner@users.mediawiki.org>
Date: Wed, 13 Oct 2004 21:38:50 +0000 (+0000)
Subject: fix xss attack
X-Git-Tag: 1.5.0alpha1~1563
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=commitdiff_plain;h=264b933281f5cde47885325039b4322c6781575f;p=lhc%2Fweb%2Fwiklou.git

fix xss attack
---

diff --git a/includes/SpecialMaintenance.php b/includes/SpecialMaintenance.php
index 3166c5a4fe..85c15109a5 100644
--- a/includes/SpecialMaintenance.php
+++ b/includes/SpecialMaintenance.php
@@ -283,7 +283,8 @@ function wfSpecialMissingLanguageLinks() {
 	$wgOut->addHTML( "<p>{$top}\n" );
 
 	$sl = wfViewPrevNext( $offset, $limit, 'REPLACETHIS' ) ;
-	$sl = str_replace ( 'REPLACETHIS' , sns().":Maintenance&subfunction=missinglanguagelinks&thelang={$thelang}" , $sl ) ;
+	$sl = str_replace ( 'REPLACETHIS' , sns().":Maintenance&subfunction=missinglanguagelinks&thelang=".
+						htmlspecialchars($thelang), $sl ) ;
 	$wgOut->addHTML( "<br>{$sl}\n" );
 
 	$sk = $wgUser->getSkin();