Don't double escape html entities for messages obtained through Message::escaped().
author Alexandre Emsenhuber <ialex@users.mediawiki.org>
Sat, 23 Apr 2011 16:27:29 +0000 (16:27 +0000)
committer Alexandre Emsenhuber <ialex@users.mediawiki.org>
Sat, 23 Apr 2011 16:27:29 +0000 (16:27 +0000)
Since we require PHP 5.2.3+ and htmlspecialchars() has a fourth parameter to prevent double escaping since... PHP 5.2.3 (per manual), let's use it

includes/Message.php

index 8097d43..16af726 100644 (file)
@@ -278,9 +278,8 @@ class Message {
                } elseif( $this->format === 'text' ){
                        $string = $this->transformText( $string );
                } elseif( $this->format === 'escaped' ){
-                       # FIXME: Sanitizer method here?
                        $string = $this->transformText( $string );
-                       $string = htmlspecialchars( $string );
+                       $string = htmlspecialchars( $string, ENT_QUOTES, 'UTF-8', false );
                }
                
                # Raw parameter replacement
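Review bot: on the added `htmlspecialchars( $string, ENT_QUOTES, 'UTF-8', false )` line, the `false` argument makes the 'escaped' format pass any entity-shaped sequence in the transformed text through unchanged, so a message that is meant to display the literal characters `&lt;` will now render as `<`. The output is still safe to place in HTML, but it no longer round-trips the input, and that contract change deserves a comment at this line and in the documentation of Message::escaped(). The same line also switches from the default quote handling to ENT_QUOTES, so single quotes are now encoded as well; the commit message only mentions the double-escaping parameter, so please call that out or split it into a separate change. Finally, the removed `# FIXME: Sanitizer method here?` is dropped without the question being answered. If the intent is that htmlspecialchars() is the final choice over a Sanitizer method, a short comment saying so would be better than deleting the note silently.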