From 8fe8035da20d0f5861b51f196c7443dda06301ba Mon Sep 17 00:00:00 2001 From: Scimonster Date: Sun, 11 Jan 2015 16:11:43 +0000 Subject: [PATCH] Escape unsafe messages in CategoryViewer.php Bug: T85864 GCI: http://www.google-melange.com/gci/task/view/google/gci2014/5811264311787520 Change-Id: Ie59fb389b804f031b761f93f2c91a548742326ab --- includes/CategoryViewer.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/includes/CategoryViewer.php b/includes/CategoryViewer.php index 1a09d44649..c898ec975e 100644 --- a/includes/CategoryViewer.php +++ b/includes/CategoryViewer.php @@ -387,13 +387,16 @@ class CategoryViewer extends ContextSource { if ( $rescnt > 0 ) { # Showing subcategories - $r .= "
\n"; - $r .= '

' . $this->msg( 'subcategories' )->text() . "

\n"; + $r .= Html::openElement( 'div', array( 'id' => 'mw-subcategories' ) ); + $r .= "\n"; + $r .= Html::element( 'h2', array(), $this->msg( 'subcategories' )->text() ); + $r .= "\n"; $r .= $countmsg; $r .= $this->getSectionPagingLinks( 'subcat' ); $r .= $this->formatList( $this->children, $this->children_start_char ); $r .= $this->getSectionPagingLinks( 'subcat' ); - $r .= "\n
"; + $r .= "\n"; + $r .= Html::closeElement( 'div' ); } return $r; } @@ -416,13 +419,16 @@ class CategoryViewer extends ContextSource { $countmsg = $this->getCountMessage( $rescnt, $dbcnt, 'article' ); if ( $rescnt > 0 ) { - $r = "
\n"; - $r .= '

' . $this->msg( 'category_header', $ti )->text() . "

\n"; + $r .= Html::openElement( 'div', array( 'id' => 'mw-pages' ) ); + $r .= "\n"; + $r .= Html::element( 'h2', array(), $this->msg( 'category_header', $ti )->text() ); + $r .= "\n"; $r .= $countmsg; $r .= $this->getSectionPagingLinks( 'page' ); $r .= $this->formatList( $this->articles, $this->articles_start_char ); $r .= $this->getSectionPagingLinks( 'page' ); - $r .= "\n
"; + $r .= "\n"; + $r .= Html::closeElement( 'div' ); } return $r; } -- 2.20.1