From: Brion Vibber Date: Thu, 24 Jun 2004 04:36:20 +0000 (+0000) Subject: Remove < and > from legal title chars. Adding these was a serious mistake; it opens... X-Git-Tag: 1.5.0alpha1~2789 X-Git-Url: https://git.cyclocoop.org/%28%28?a=commitdiff_plain;h=d49d3aa8946ea61df9e6ea8d48da017beda06abe;p=lhc%2Fweb%2Fwiklou.git Remove < and > from legal title chars. Adding these was a serious mistake; it opens many HTML/Javascript insertion vectors. --- diff --git a/includes/Title.php b/includes/Title.php index 58fcd2cc2e..66c52e436f 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -193,7 +193,7 @@ class Title { # Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but # this breaks interlanguage links - $set = " %!\"$&'()*,\\-.\\/0-9:;<=>?@A-Z\\\\^_`a-z{}~\\x80-\\xFF"; + $set = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z{}~\\x80-\\xFF"; return $set; }