Fixed XSS.

diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index c084923..d8679cd 100644 (file)
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -1166,7 +1166,7 @@ wgUploadAutoFill = {$autofill};
                else {
                        $wgOut->addHTML(
                                "<input tabindex='2' type='text' name='wpDestFile' id='wpDestFile' size='60'
-                                               value='{$encDestName}' onchange='toggleFilenameFiller()' $destOnkeyup />"
+                                               value=\"{$encDestName}\" onchange='toggleFilenameFiller()' $destOnkeyup />"
                        );
                }