From 014c000fb17f2ec7b8a6004966b17505c39b77e3 Mon Sep 17 00:00:00 2001
From: umherirrender
Date: Tue, 27 Jan 2015 21:25:53 +0100
Subject: [PATCH] Escape all return values from ProtectedPagesPager::formatValue

Bug: T85864
Change-Id: Ifb58bd3823aa633135a701ae3e2ae9c955b422c0
---
 includes/specials/SpecialProtectedpages.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/includes/specials/SpecialProtectedpages.php b/includes/specials/SpecialProtectedpages.php
index 0ba73857bc..6749bb0ae8 100644
--- a/includes/specials/SpecialProtectedpages.php
+++ b/includes/specials/SpecialProtectedpages.php
@@ -353,7 +353,7 @@ class ProtectedPagesPager extends TablePager {
 /**
 * @param string $field
 * @param string $value
- * @return string
+ * @return string HTML
 * @throws MWException
 */
 function formatValue( $field, $value ) {
@@ -372,7 +372,8 @@ class ProtectedPagesPager extends TablePager {
 $this->msg( 'protectedpages-unknown-timestamp' )->escaped()
 );
 } else {
- $formatted = $this->getLanguage()->userTimeAndDate( $value, $this->getUser() );
+ $formatted = htmlspecialchars( $this->getLanguage()->userTimeAndDate(
+ $value, $this->getUser() ) );
 }
 break;
 
@@ -402,7 +403,8 @@ class ProtectedPagesPager extends TablePager {
 break;
 
 case 'pr_expiry':
- $formatted = $this->getLanguage()->formatExpiry( $value, /* User preference timezone */true );
+ $formatted = htmlspecialchars( $this->getLanguage()->formatExpiry(
+ $value, /* User preference timezone */true ) );
 $title = Title::makeTitleSafe( $row->page_namespace, $row->page_title );
 if ( $this->getUser()->isAllowed( 'protect' ) && $title ) {
 $changeProtection = Linker::linkKnown(
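Review bot: Both new `htmlspecialchars()` calls (around `userTimeAndDate()` in the second hunk and around `formatExpiry()` in the `pr_expiry` branch of the third) rely on the default flags, which on PHP releases before 8.1 leave single quotes unescaped. That is sufficient for text emitted as element content, which is what the new `@return string HTML` suggests, but not if either string is ever interpolated into a single-quoted attribute. Passing the flag explicitly removes the dependency on the runtime default, e.g. `$formatted = htmlspecialchars( $this->getLanguage()->userTimeAndDate( $value, $this->getUser() ), ENT_QUOTES );`. The `switch` inside `formatValue` starts and ends outside these hunks, so the remaining branches cannot be checked against the commit title from this diff.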
@@ -454,7 +456,7 @@ class ProtectedPagesPager extends TablePager {
 // Messages: restriction-level-sysop, restriction-level-autoconfirmed
 $params[] = $this->msg( 'restriction-level-' . $row->pr_level )->escaped();
 if ( $row->pr_cascade ) {
- $params[] = $this->msg( 'protect-summary-cascade' )->text();
+ $params[] = $this->msg( 'protect-summary-cascade' )->escaped();
 }
 $formatted = $this->getLanguage()->commaList( $params );
 break;
-- 
2.20.1
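Review bot: Nothing in this branch records that every entry of `$params` must be escaped before it reaches `commaList()`, which is the invariant the replaced `->text()` call broke. A one-line comment above the first `$params[] =` would make it explicit for the next message added here, for example `// Each $params entry must be HTML-escaped: the commaList() result is returned as HTML.` This assumes `commaList()` only joins its arguments with a safe separator; its implementation is not visible in the diff. The `case` this code belongs to begins outside the hunk.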