From: Brion Vibber <brion@users.mediawiki.org>
Date: Thu, 14 Oct 2004 06:52:42 +0000 (+0000)
Subject: escape html output
X-Git-Tag: 1.5.0alpha1~1547
X-Git-Url: https://git.cyclocoop.org/%28%28?a=commitdiff_plain;h=0fa4b1f3852477b35b6ce69d1511dde7300ae73e;p=lhc%2Fweb%2Fwiklou.git

escape html output
---

diff --git a/includes/SpecialImagelist.php b/includes/SpecialImagelist.php
index af2df34c34..cc42ad45cf 100644
--- a/includes/SpecialImagelist.php
+++ b/includes/SpecialImagelist.php
@@ -113,8 +113,8 @@ function wfSpecialImagelist() {
 		else { $ul = $sk->makeLink( $wgContLang->getNsText(
 		  Namespace::getUser() ) . ":{$ut}", $ut ); }
 
-		$ilink = "<a href=\"" . Image::wfImageUrl( $name ) .
-		  "\">{$name}</a>";
+		$ilink = "<a href=\"" . htmlspecialchars( Image::wfImageUrl( $name ) ) .
+		  "\">" . htmlspecialchars( $name ) . "</a>";
 
 		$nb = wfMsg( "nbytes", $wgLang->formatNum( $s->img_size ) );
 		$l = "(" .
@@ -124,7 +124,7 @@ function wfSpecialImagelist() {
 		  $wgLang->timeanddate( $s->img_timestamp, true );
 
 		if ( "" != $s->img_description ) {
-			$l .= " <em>({$s->img_description})</em>";
+			$l .= ' <i>(' . $sk->formatComment( $s->img_description ) . ')</i>';
 		}
 		$wgOut->addHTML( "{$l}<br />\n" );
 	}