From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 11 Feb 2005 07:16:36 +0000 (+0000)
Subject: Kill a <font> tag, add html paranoia
X-Git-Tag: 1.5.0alpha1~741
X-Git-Url: https://git.cyclocoop.org/%28%28?a=commitdiff_plain;h=74886b186c9012cc590a68d8321dc95d5572b9d6;p=lhc%2Fweb%2Fwiklou.git

Kill a <font> tag, add html paranoia
---

diff --git a/includes/SpecialLockdb.php b/includes/SpecialLockdb.php
index 1635aa4d57..db07f45822 100644
--- a/includes/SpecialLockdb.php
+++ b/includes/SpecialLockdb.php
@@ -46,11 +46,11 @@ class DBLockForm {
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
-			$wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
+			$wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
 		}
-		$lc = wfMsg( "lockconfirm" );
-		$lb = wfMsg( "lockbtn" );
-		$elr = wfMsg( "enterlockreason" );
+		$lc = htmlspecialchars( wfMsg( "lockconfirm" ) );
+		$lb = htmlspecialchars( wfMsg( "lockbtn" ) );
+		$elr = htmlspecialchars( wfMsg( "enterlockreason" ) );
 		$titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
 		$action = $titleObj->escapeLocalURL( "action=submit" );