From: Tim Starling <tstarling@users.mediawiki.org>
Date: Wed, 7 Jan 2004 09:02:36 +0000 (+0000)
Subject: Alteration of security fix to make it very slightly less ugly
X-Git-Tag: 1.3.0beta1~1185
X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=82c2a935ff0a9d19f89c9db496b2b91f7d2c36be;p=lhc%2Fweb%2Fwiklou.git

Alteration of security fix to make it very slightly less ugly
---

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 91959f410f..25f67bb9ba 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -667,5 +667,12 @@ function wfQuotedPrintable( $string, $charset = "" )
 	return $out;
 }
 
+# Changes the first character to an HTML entity
+function wfHtmlEscapeFirst( $text ) {
+	$ord = ord($text);
+	$newText = substr($text, 1);
+	return "&#$ord;$newText";
+}
+
 
 ?>
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 70ea4f20ca..6b8aec6743 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -142,9 +142,9 @@ class OutputPage {
 		$stripped3 = "";
 		
 		# Replace any instances of the placeholders
-		$text = str_replace( $unique, '$unique', $text );
-		$text = str_replace( $unique2, '$unique2', $text );
-		$text = str_replace( $unique3, '$unique3', $text );
+		$text = str_replace( $unique, wfHtmlEscapeFirst( $unique ), $text );
+		$text = str_replace( $unique2, wfHtmlEscapeFirst( $unique2 ), $text );
+		$text = str_replace( $unique3, wfHtmlEscapeFirst( $unique3 ), $text );
 		
 		global $wgEnableParserCache;
 		$use_parser_cache =