From b8fcb82f481c7508c12ccd7ccc7d39bcd459d845 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 23 May 2006 04:15:37 +0000 Subject: [PATCH] * Fix for HTML/JS injection bug in variable handler (found by Nick Jenkins) --- RELEASE-NOTES | 1 + includes/Sanitizer.php | 1 + 2 files changed, 2 insertions(+) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ffae1a7d23..9fa2822953 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -315,6 +315,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 6046) Update to Indonesian localisation (id) #15 * (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in specially-selected namespaces. +* Fix for HTML/JS injection bug in variable handler (found by Nick Jenkins) == Compatibility == diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 784541940c..93745c7e32 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -602,6 +602,7 @@ class Sanitizer { 'ISBN' => 'ISBN', 'RFC' => 'RFC', 'PMID' => 'PMID', + '|' => '|', ) ); # Stupid hack -- 2.20.1
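
Review bot: In the RELEASE-NOTES hunk, the new entry carries no bug number, unlike the `(bug 6046)` and `(bug 5523)` entries just above it, and "variable handler" does not tell an administrator which code path or input was affected. Suggest referencing the tracker entry if one exists and naming the changed file (includes/Sanitizer.php), so that site operators can judge from the release notes alone whether they need to upgrade.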
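
Review bot: In the includes/Sanitizer.php hunk, the added entry `'|' => '|',` reads as an identity mapping, so as displayed it changes nothing in the replacement table. The neighbouring context lines `'ISBN' => 'ISBN'`, `'RFC' => 'RFC'` and `'PMID' => 'PMID'` have the same shape, which suggests the right-hand sides are meant to be character references that were decoded somewhere between the commit and this rendering. Please confirm the committed value is an encoded form of the pipe (for example the numeric reference &#124;) and not the literal character. The entry also needs a one-line comment saying why the pipe must be escaped at this point, since the only nearby comment is `# Stupid hack`, and the patch touches two files without adding a regression test for the injection it fixes.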