From: Alexandre Emsenhuber Date: Sat, 23 Apr 2011 16:27:29 +0000 (+0000) Subject: Don't double escape html entities for messages obtained through Message::escaped(). X-Git-Tag: 1.31.0-rc.0~30601 X-Git-Url: https://git.cyclocoop.org/%7B%7B%20url_for%28%27votes%27%2C%20votes=%27waiting%27%29%20%7D%7D?a=commitdiff_plain;h=b454219e062c0dd315407a775492c82213d4aa20;p=lhc%2Fweb%2Fwiklou.git Don't double escape html entities for messages obtained through Message::escaped(). Since we require PHP 5.2.3+ and htmlspecialchars() has a fourth parameter to prevent double escaping since... PHP 5.2.3 (per manual), let's use it --- diff --git a/includes/Message.php b/includes/Message.php index 8097d4382a..16af7262fc 100644 --- a/includes/Message.php +++ b/includes/Message.php @@ -278,9 +278,8 @@ class Message { } elseif( $this->format === 'text' ){ $string = $this->transformText( $string ); } elseif( $this->format === 'escaped' ){ - # FIXME: Sanitizer method here? $string = $this->transformText( $string ); - $string = htmlspecialchars( $string ); + $string = htmlspecialchars( $string, ENT_QUOTES, 'UTF-8', false ); } # Raw parameter replacement
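Review bot: In the `escaped` branch, the new `htmlspecialchars( $string, ENT_QUOTES, 'UTF-8', false )` call changes two behaviours, but the commit message documents only one. Besides disabling double encoding, it moves the quote flag from the default (`ENT_COMPAT` on the PHP 5.2.3+ baseline the message names) to `ENT_QUOTES`, so single quotes are now escaped too; that is a reasonable hardening for output that may end up inside a single-quoted attribute, and it should be stated in the commit message or a comment. With the fourth argument set to `false`, any sequence in the transformed message text that already looks like an entity passes through unchanged, so a message meant to display a literal `&amp;` or `&lt;` will now render as `&` or `<`. The characters `<`, `>` and both quote types are still escaped, so this does not by itself allow markup injection, but the result is no longer a faithful escape of the input; a one-line comment saying that existing entities are preserved on purpose would make that explicit. The hunk also drops `# FIXME: Sanitizer method here?` without showing that the question was settled: either keep the FIXME or explain in the commit message why plain `htmlspecialchars()` is the intended choice over a Sanitizer method.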