From d370c51df10ad6a53c0c99f94d19c8ce4db5a059 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Wed, 13 Jun 2018 15:28:20 +0000
Subject: [PATCH] Paranoia, escape image alignment parameters before outputting.

The alignment parameter is totally safe (See the very convoluted code in the parser) but its best practise to escape things right before the output. Additionally this protects in case any extension uses a hook to do anything silly.

Change-Id: Ie19b106409d55c704b69280e2d0e2bb29068bd2e
---
 includes/Linker.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/includes/Linker.php b/includes/Linker.php
index 89a6a108ac..adc0297065 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -431,7 +431,11 @@ class Linker {
 $s = $thumb->toHtml( $params );
 }
 if ( $frameParams['align'] != '' ) {
- $s = "
{$s}
"; + $s = Html::rawElement( + 'div', + [ 'class' => 'float' . $frameParams['align'] ], + $s + ); } return str_replace( "\n", ' ', $prefix . $s . $postfix ); } -- 2.20.1