From d3b61fea7ceef35036bee7b820b4099a74c88641 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niklas=20Laxstr=C3=B6m?= <nikerabbit@users.mediawiki.org>
Date: Fri, 22 May 2009 09:35:48 +0000
Subject: [PATCH] Escaping fixes

---
 includes/Block.php                            |  4 +--
 includes/ChangesList.php                      |  4 +--
 includes/EditPage.php                         |  9 ++++---
 includes/Linker.php                           |  2 +-
 includes/LogEventsList.php                    |  2 ++
 includes/LogPage.php                          | 12 ++++++---
 includes/OutputPage.php                       |  2 +-
 includes/PageHistory.php                      |  1 +
 includes/Pager.php                            |  4 +--
 includes/Preferences.php                      | 25 ++++++++++---------
 includes/QueryPage.php                        |  2 +-
 includes/Skin.php                             |  6 ++---
 includes/diff/DifferenceEngine.php            |  6 ++---
 includes/specials/SpecialAncientpages.php     |  2 +-
 includes/specials/SpecialContributions.php    |  2 +-
 .../specials/SpecialDeletedContributions.php  |  4 +--
 includes/specials/SpecialDoubleRedirects.php  |  2 +-
 includes/specials/SpecialFewestrevisions.php  |  4 +--
 includes/specials/SpecialIpblocklist.php      |  9 +++----
 includes/specials/SpecialListfiles.php        |  2 +-
 includes/specials/SpecialListgrouprights.php  |  6 ++---
 includes/specials/SpecialListusers.php        |  7 +++---
 includes/specials/SpecialNewimages.php        |  4 +--
 includes/specials/SpecialNewpages.php         |  2 +-
 includes/specials/SpecialPrefixindex.php      |  2 +-
 includes/specials/SpecialProtectedpages.php   |  2 +-
 .../specials/SpecialRecentchangeslinked.php   |  2 +-
 includes/specials/SpecialResetpass.php        |  2 +-
 includes/specials/SpecialRevisiondelete.php   |  2 +-
 includes/specials/SpecialUndelete.php         | 10 +++++---
 includes/specials/SpecialUserrights.php       |  2 +-
 31 files changed, 78 insertions(+), 67 deletions(-)

diff --git a/includes/Block.php b/includes/Block.php
index b62fceb0aa..767e0567d8 100644
--- a/includes/Block.php
+++ b/includes/Block.php
@@ -826,7 +826,7 @@ class Block {
 	 * Convert a DB-encoded expiry into a real string that humans can read.
 	 *
 	 * @param $encoded_expiry String: Database encoded expiry time
-	 * @return String
+	 * @return Html-escaped String
 	 */
 	public static function formatExpiry( $encoded_expiry ) {
 		static $msg = null;
@@ -844,7 +844,7 @@ class Block {
 			$expirystr = $msg['infiniteblock'];
 		} else {
 			global $wgLang;
-			$expiretimestr = $wgLang->timeanddate( $expiry, true );
+			$expiretimestr = htmlspecialchars($wgLang->timeanddate( $expiry, true ));
 			$expirystr = wfMsgReplaceArgs( $msg['expiringblock'], array($expiretimestr) );
 		}
 		return $expirystr;
diff --git a/includes/ChangesList.php b/includes/ChangesList.php
index 69eeed9073..fa1b724c66 100644
--- a/includes/ChangesList.php
+++ b/includes/ChangesList.php
@@ -176,7 +176,7 @@ class ChangesList {
 			if( '' != $this->lastdate ) {
 				$s .= "</ul>\n";
 			}
-			$s .= '<h4>'.$date."</h4>\n<ul class=\"special\">";
+			$s .= Xml::element( 'h4', null, $date ) . "\n<ul class=\"special\">";
 			$this->lastdate = $date;
 			$this->rclistOpen = true;
 		}
@@ -517,7 +517,7 @@ class EnhancedChangesList extends ChangesList {
 			# Process current cache
 			$ret = $this->recentChangesBlock();
 			$this->rc_cache = array();
-			$ret .= "<h4>{$date}</h4>\n";
+			$ret .= Xml::element( 'h4', null, $date );
 			$this->lastdate = $date;
 		}
 
diff --git a/includes/EditPage.php b/includes/EditPage.php
index f3ef632a36..03f9fec8a5 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1286,8 +1286,8 @@ class EditPage {
 		#if ( "no" == $redirect ) { $q .= "&redirect=no"; }
 		$action = $wgTitle->escapeLocalURL( $q );
 
-		$summary = wfMsg( 'summary' );
-		$subject = wfMsg( 'subject' );
+		$summary = wfMsgExt( 'summary', 'parseinline' );
+		$subject = wfMsgExt( 'subject', 'parseinline' );
 
 		$cancel = $sk->makeKnownLink( $wgTitle->getPrefixedText(),
 				wfMsgExt('cancel', array('parseinline')) );
@@ -1384,7 +1384,8 @@ class EditPage {
 			$editsummary = "<div class='editOptions'>\n";
 			global $wgParser;
 			$formattedSummary = wfMsgForContent( 'newsectionsummary', $wgParser->stripSectionName( $this->summary ) );
-			$subjectpreview = $summarytext && $this->preview ? "<div class=\"mw-summary-preview\">". wfMsg('subject-preview') . $sk->commentBlock( $formattedSummary, $this->mTitle, true )."</div>\n" : '';
+			$subjectpreview = $summarytext && $this->preview ?
+				"<div class=\"mw-summary-preview\">". wfMsgExt('subject-preview', 'parseinline') . $sk->commentBlock( $formattedSummary, $this->mTitle, true )."</div>\n" : '';
 			$summarypreview = '';
 		} else {
 			$commentsubject = '';
@@ -1414,7 +1415,7 @@ class EditPage {
 				$summarypreview =
 					Xml::tags( 'div',
 						array( 'class' => 'mw-summary-preview' ),
-						wfMsg( 'summary-preview' ) .
+						wfMsgExt( 'summary-preview', 'parseinline' ) .
 							$sk->commentBlock( $this->summary, $this->mTitle )
 					);
 			}
diff --git a/includes/Linker.php b/includes/Linker.php
index 05ddcd02e5..1578bd7b3a 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1276,7 +1276,7 @@ class Linker {
 			}
 			if ( $sectionTitle ) {
 				$link = $this->link( $sectionTitle,
-					wfMsgForContent( 'sectionlink' ), array(), array(),
+					htmlspecialchars( wfMsgForContent( 'sectionlink' ) ), array(), array(),
 					'noclasses' );
 			} else {
 				$link = '';
diff --git a/includes/LogEventsList.php b/includes/LogEventsList.php
index c56a08c9c4..60a1721fde 100644
--- a/includes/LogEventsList.php
+++ b/includes/LogEventsList.php
@@ -355,6 +355,8 @@ class LogEventsList {
 			$revert = '<span class="mw-logevent-actionlink">' . $revert . '</span>';
 		}
 
+		$time = htmlspecialchars( $time );
+
 		return Xml::tags( 'li', array( "class" => implode( ' ', $classes ) ),
 			$del . $time . ' ' . $userLink . ' ' . $action . ' ' . $comment . ' ' . $revert . " $tagDisplay" ) . "\n";
 	}
diff --git a/includes/LogPage.php b/includes/LogPage.php
index 4d0bea1234..82ff8e273c 100644
--- a/includes/LogPage.php
+++ b/includes/LogPage.php
@@ -173,7 +173,7 @@ class LogPage {
 		}
 		if( isset( $wgLogActions[$key] ) ) {
 			if( is_null( $title ) ) {
-				$rv = wfMsg( $wgLogActions[$key] );
+				$rv = wfMsgHtml( $wgLogActions[$key] );
 			} else {
 				$titleLink = self::getTitleLink( $type, $skin, $title, $params );
 				if( $key == 'rights/rights' ) {
@@ -194,9 +194,9 @@ class LogPage {
 				}
 				if( count( $params ) == 0 ) {
 					if ( $skin ) {
-						$rv = wfMsg( $wgLogActions[$key], $titleLink );
+						$rv = wfMsgHtml( $wgLogActions[$key], $titleLink );
 					} else {
-						$rv = wfMsgForContent( $wgLogActions[$key], $titleLink );
+						$rv = wfMsgExt( $wgLogActions[$key], array( 'parsemag', 'escape', 'replaceafter', 'content' ), $titleLink );
 					}
 				} else {
 					$details = '';
@@ -243,7 +243,11 @@ class LogPage {
 						$nfield = intval( substr( $params[3], 7 ) ); // <nfield=x>
 						$details .= ': '.RevisionDeleter::getLogMessage( $count, $nfield, $ofield, true );
 					}
-					$rv = wfMsgReal( $wgLogActions[$key], $params, true, !$skin ) . $details;
+					if ( $skin ) {
+						$rv = wfMsgHtml( $wgLogActions[$key], $params ) . $details;
+					} else {
+						$rv = wfMsgExt( $wgLogActions[$key], array( 'parsemag', 'escape', 'replaceafter', 'content' ), $params ) . $details;
+					}
 				}
 			}
 		} else {
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 2aaaf15c60..f8ae310011 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -1444,7 +1444,7 @@ class OutputPage {
 	public function addReturnTo( $title ) {
 		global $wgUser;
 		$this->addLink( array( 'rel' => 'next', 'href' => $title->getFullUrl() ) );
-		$link = wfMsg( 'returnto', $wgUser->getSkin()->link( $title ) );
+		$link = wfMsgHtml( 'returnto', $wgUser->getSkin()->link( $title ) );
 		$this->addHTML( "<p>{$link}</p>\n" );
 	}
 
diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index c9e9578a7a..5d0b026577 100644
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -373,6 +373,7 @@ class PageHistory {
 	function revLink( $rev ) {
 		global $wgLang;
 		$date = $wgLang->timeanddate( wfTimestamp(TS_MW, $rev->getTimestamp()), true );
+		$date = htmlspecialchars( $date );
 		if( !$rev->isDeleted( Revision::DELETED_TEXT ) ) {
 			$link = $this->mSkin->makeKnownLinkObj( $this->mTitle, $date, "oldid=" . $rev->getId() );
 		} else {
diff --git a/includes/Pager.php b/includes/Pager.php
index dea216793a..7b6fcf8a1c 100644
--- a/includes/Pager.php
+++ b/includes/Pager.php
@@ -607,8 +607,8 @@ abstract class ReverseChronologicalPager extends IndexPager {
 		}
 		$nicenumber = $wgLang->formatNum( $this->mLimit );
 		$linkTexts = array(
-			'prev' => wfMsgExt( 'pager-newer-n', array( 'parsemag' ), $nicenumber ),
-			'next' => wfMsgExt( 'pager-older-n', array( 'parsemag' ), $nicenumber ),
+			'prev' => wfMsgExt( 'pager-newer-n', array( 'parsemag', 'escape' ), $nicenumber ),
+			'next' => wfMsgExt( 'pager-older-n', array( 'parsemag', 'escape' ), $nicenumber ),
 			'first' => wfMsgHtml( 'histlast' ),
 			'last' => wfMsgHtml( 'histfirst' )
 		);
diff --git a/includes/Preferences.php b/includes/Preferences.php
index df511b076c..4a4a8d6eee 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -122,7 +122,7 @@ class Preferences {
 					'type' => 'info',
 					'label' => wfMsgExt( 'prefs-memberingroups', 'parseinline',
 								count($userEffectiveGroupsArray) ),
-					'default' => $wgLang->commaList( $userEffectiveGroupsArray ),
+					'default' => htmlspecialchars( $wgLang->commaList( $userEffectiveGroupsArray ) ),
 					'raw' => true,
 					'section' => 'personal/info',
 				);
@@ -301,19 +301,19 @@ class Preferences {
 					$time = $wgLang->timeAndDate( $user->getEmailAuthenticationTimestamp(), true );
 					$d = $wgLang->date( $user->getEmailAuthenticationTimestamp(), true );
 					$t = $wgLang->time( $user->getEmailAuthenticationTimestamp(), true );
-					$emailauthenticated = wfMsg('emailauthenticated', $time, $d, $t ).'<br />';
+					$emailauthenticated = htmlspecialchars(wfMsg('emailauthenticated', $time, $d, $t )).'<br />';
 					$disableEmailPrefs = false;
 				} else {
 					$disableEmailPrefs = true;
 					global $wgUser; // wgUser is okay here, it's for display
 					$skin = $wgUser->getSkin();
-					$emailauthenticated = wfMsg('emailnotauthenticated').'<br />' .
+					$emailauthenticated = wfMsgHtml('emailnotauthenticated').'<br />' .
 						$skin->makeKnownLinkObj( SpecialPage::getTitleFor( 'Confirmemail' ),
 							wfMsg( 'emailconfirmlink' ) ) . '<br />';
 				}
 			} else {
 				$disableEmailPrefs = true;
-				$emailauthenticated = wfMsg( 'noemailprefs' );
+				$emailauthenticated = wfMsgHtml( 'noemailprefs' );
 			}
 			
 			$defaultPreferences['emailauthentication'] =
@@ -413,7 +413,7 @@ class Preferences {
 					array(
 						'type' => 'radio',
 						'options' =>
-							array_flip( array_map( 'wfMsg', $wgLang->getMathNames() ) ),
+							array_flip( array_map( 'wfMsgHtml', $wgLang->getMathNames() ) ),
 						'label' => '&nbsp;',
 						'section' => 'rendering/math',
 					);
@@ -848,6 +848,7 @@ class Preferences {
 			
 			if (!$displayNs) $displayNs = wfMsg( 'blanknamespace' );
 			
+			$displayNs = htmlspecialchars( $displayNs );
 			$nsOptions[$displayNs] = $ns;
 		}
 		
@@ -882,7 +883,7 @@ class Preferences {
 		$ret = array();
 		
 		$mptitle = Title::newMainPage();
-		$previewtext = wfMsg( 'skin-preview' );
+		$previewtext = wfMsgHtml( 'skin-preview' );
 		# Only show members of Skin::getSkinNames() rather than
 		# $skinNames (skins is all skin names from Language.php)
 		$validSkinNames = Skin::getUsableSkins();
@@ -892,7 +893,7 @@ class Preferences {
 			$msgName = "skinname-{$skinkey}";
 			$localisedSkinName = wfMsg( $msgName );
 			if ( !wfEmptyMsg( $msgName, $localisedSkinName ) )  {
-				$skinname = $localisedSkinName;
+				$skinname = htmlspecialchars($localisedSkinName);
 			}
 		}
 		asort($validSkinNames);
@@ -905,7 +906,7 @@ class Preferences {
 			global $wgAllowUserCss, $wgAllowUserJs;
 			if( $wgAllowUserCss ) {
 				$cssPage = Title::makeTitleSafe( NS_USER, $user->getName().'/'.$skinkey.'.css' );
-				$customCSS = $sk->link( $cssPage, wfMsgExt( 'prefs-custom-css', array() ) );
+				$customCSS = $sk->link( $cssPage, wfMsgHtml( 'prefs-custom-css' ) );
 				$extraLinks .= " ($customCSS)";
 			}
 			if( $wgAllowUserJs ) {
@@ -914,7 +915,7 @@ class Preferences {
 				$extraLinks .= " ($customJS)";
 			}
 			if( $skinkey == $wgDefaultSkin )
-				$sn .= ' (' . wfMsg( 'default' ) . ')';
+				$sn .= ' (' . wfMsgHtml( 'default' ) . ')';
 			$display = "$sn $previewlink{$extraLinks}";
 			$ret[$display] = $skinkey;
 		}
@@ -933,9 +934,9 @@ class Preferences {
 			$epoch = '20010115161234'; # Wikipedia day
 			foreach( $dateopts as $key ) {
 				if( $key == 'default' ) {
-					$formatted = wfMsg( 'datedefault' );
+					$formatted = wfMsgHtml( 'datedefault' );
 				} else {
-					$formatted = $wgLang->timeanddate( $epoch, false, $key );
+					$formatted = htmlspecialchars($wgLang->timeanddate( $epoch, false, $key ));
 				}
 				$ret[$formatted] = $key;
 			}
@@ -1222,7 +1223,7 @@ class PreferencesForm extends HTMLForm {
 		$sk = $wgUser->getSkin();
 		$t = SpecialPage::getTitleFor( 'Preferences', 'reset' );
 		
-		$html .= "\n" . $sk->link( $t, wfMsg( 'restoreprefs' ) );
+		$html .= "\n" . $sk->link( $t, wfMsgHtml( 'restoreprefs' ) );
 		
 		$html = Xml::tags( 'div', array( 'class' => 'mw-prefs-buttons' ), $html );
 		
diff --git a/includes/QueryPage.php b/includes/QueryPage.php
index 671fd5c41f..af96746774 100644
--- a/includes/QueryPage.php
+++ b/includes/QueryPage.php
@@ -585,7 +585,7 @@ abstract class WantedQueryPage extends QueryPage {
 			return wfSpecialList( $pageLink, $this->makeWlhLink( $title, $skin, $result ) );
 		} else {
 			$tsafe = htmlspecialchars( $result->title );
-			return wfMsg( 'wantedpages-badtitle', $tsafe );
+			return wfMsgHtml( 'wantedpages-badtitle', $tsafe );
 		}
 	}
 	
diff --git a/includes/Skin.php b/includes/Skin.php
index 79cf3f3cd3..faad104518 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -1634,20 +1634,20 @@ END;
 	}
 
 	function historyLink() {
-		return $this->link( $this->mTitle, wfMsg( 'history' ),
+		return $this->link( $this->mTitle, wfMsgHtml( 'history' ),
 			array( 'rel' => 'archives' ), array( 'action' => 'history' ) );
 	}
 
 	function whatLinksHere() {
 		return $this->makeKnownLinkObj(
 			SpecialPage::getTitleFor( 'Whatlinkshere', $this->mTitle->getPrefixedDBkey() ),
-			wfMsg( 'whatlinkshere' ) );
+			wfMsgHtml( 'whatlinkshere' ) );
 	}
 
 	function userContribsLink() {
 		return $this->makeKnownLinkObj(
 			SpecialPage::getTitleFor( 'Contributions', $this->mTitle->getDBkey() ),
-			wfMsg( 'contributions' ) );
+			wfMsgHtml( 'contributions' ) );
 	}
 
 	function showEmailUser( $id ) {
diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php
index 152195bfeb..53f9f8a5ed 100644
--- a/includes/diff/DifferenceEngine.php
+++ b/includes/diff/DifferenceEngine.php
@@ -737,7 +737,7 @@ CONTROL;
 
 	function localiseLineNumbersCb( $matches ) {
 		global $wgLang;
-		return wfMsgExt( 'lineno', array (), $wgLang->formatNum( $matches[1] ) );
+		return wfMsgExt( 'lineno', 'escape', $wgLang->formatNum( $matches[1] ) );
 	}
 
 
@@ -840,7 +840,7 @@ CONTROL;
 		$this->mNewPage = $this->mNewRev->getTitle();
 		if( $this->mNewRev->isCurrent() ) {
 			$newLink = $this->mNewPage->escapeLocalUrl( 'oldid=' . $this->mNewid );
-			$this->mPagetitle = wfMsgHTML( 'currentrev-asof', $timestamp );
+			$this->mPagetitle = htmlspecialchars( wfMsg( 'currentrev-asof', $timestamp ) );
 			$newEdit = $this->mNewPage->escapeLocalUrl( 'action=edit' );
 
 			$this->mNewtitle = "<a href='$newLink'>{$this->mPagetitle}</a>";
@@ -848,7 +848,7 @@ CONTROL;
 		} else {
 			$newLink = $this->mNewPage->escapeLocalUrl( 'oldid=' . $this->mNewid );
 			$newEdit = $this->mNewPage->escapeLocalUrl( 'action=edit&oldid=' . $this->mNewid );
-			$this->mPagetitle = wfMsgHTML( 'revisionasof', $timestamp );
+			$this->mPagetitle = htmlspecialchars( wfMsg( 'revisionasof', $timestamp ) );
 
 			$this->mNewtitle = "<a href='$newLink'>{$this->mPagetitle}</a>";
 			$this->mNewtitle .= " (<a href='$newEdit'>" . wfMsgHtml( $editable ? 'editold' : 'viewsourceold' ) . "</a>)";
diff --git a/includes/specials/SpecialAncientpages.php b/includes/specials/SpecialAncientpages.php
index 188ad9148b..6ebd570ac9 100644
--- a/includes/specials/SpecialAncientpages.php
+++ b/includes/specials/SpecialAncientpages.php
@@ -47,7 +47,7 @@ class AncientPagesPage extends QueryPage {
 		$d = $wgLang->timeanddate( wfTimestamp( TS_MW, $result->value ), true );
 		$title = Title::makeTitle( $result->namespace, $result->title );
 		$link = $skin->makeKnownLinkObj( $title, htmlspecialchars( $wgContLang->convert( $title->getPrefixedText() ) ) );
-		return wfSpecialList($link, $d);
+		return wfSpecialList($link, htmlspecialchars($d) );
 	}
 }
 
diff --git a/includes/specials/SpecialContributions.php b/includes/specials/SpecialContributions.php
index 22a7a4d343..fed8d13de5 100644
--- a/includes/specials/SpecialContributions.php
+++ b/includes/specials/SpecialContributions.php
@@ -513,7 +513,7 @@ class ContribsPager extends ReverseChronologicalPager {
 
 		$comment = $wgContLang->getDirMark() . $sk->revComment( $rev, false, true );
 		$date = $wgLang->timeanddate( wfTimestamp( TS_MW, $row->rev_timestamp ), true );
-		$d = $sk->makeKnownLinkObj( $page, $date, 'oldid='.intval($row->rev_id) );
+		$d = $sk->makeKnownLinkObj( $page, htmlspecialchars($date), 'oldid='.intval($row->rev_id) );
 
 		if( $this->target == 'newbies' ) {
 			$userlink = ' . . ' . $sk->userLink( $row->rev_user, $row->rev_user_text );
diff --git a/includes/specials/SpecialDeletedContributions.php b/includes/specials/SpecialDeletedContributions.php
index d5dc37171a..05196a44b1 100644
--- a/includes/specials/SpecialDeletedContributions.php
+++ b/includes/specials/SpecialDeletedContributions.php
@@ -83,7 +83,7 @@ class DeletedContribsPager extends IndexPager {
 		$limits = $wgLang->pipeList( $limitLinks );
 
 		$this->mNavigationBar = "(" . $wgLang->pipeList( array( $pagingLinks['first'], $pagingLinks['last'] ) ) . ") " .
-			wfMsgExt( 'viewprevnext', array( 'parsemag' ), $pagingLinks['prev'], $pagingLinks['next'], $limits );
+			wfMsgExt( 'viewprevnext', array( 'parsemag', 'escape', 'replaceafter' ), $pagingLinks['prev'], $pagingLinks['next'], $limits );
 		return $this->mNavigationBar;
 	}
 
@@ -145,7 +145,7 @@ class DeletedContribsPager extends IndexPager {
 			"&diff=prev" );
 
 		$comment = $sk->revComment( $rev );
-		$d = $wgLang->timeanddate( $rev->getTimestamp(), true );
+		$d = htmlspecialchars( $wgLang->timeanddate( $rev->getTimestamp(), true ) );
 
 		if( $rev->isDeleted( Revision::DELETED_TEXT ) ) {
 			$d = '<span class="history-deleted">' . $d . '</span>';
diff --git a/includes/specials/SpecialDoubleRedirects.php b/includes/specials/SpecialDoubleRedirects.php
index d97f4b4896..28ffccbea8 100644
--- a/includes/specials/SpecialDoubleRedirects.php
+++ b/includes/specials/SpecialDoubleRedirects.php
@@ -81,7 +81,7 @@ class DoubleRedirectsPage extends PageQueryPage {
 		$titleC = Title::makeTitle( $result->nsc, $result->tc );
 
 		$linkA = $skin->makeKnownLinkObj( $titleA, '', 'redirect=no' );
-		$edit = $skin->makeBrokenLinkObj( $titleA, "(".wfMsg("qbedit").")" , 'redirect=no');
+		$edit = $skin->makeBrokenLinkObj( $titleA, "(".wfMsgHtml("qbedit").")" , 'redirect=no');
 		$linkB = $skin->makeKnownLinkObj( $titleB, '', 'redirect=no' );
 		$linkC = $skin->makeKnownLinkObj( $titleC );
 		$arr = $wgContLang->getArrow() . $wgContLang->getDirMark();
diff --git a/includes/specials/SpecialFewestrevisions.php b/includes/specials/SpecialFewestrevisions.php
index afd5ad48a5..b8331fbeed 100644
--- a/includes/specials/SpecialFewestrevisions.php
+++ b/includes/specials/SpecialFewestrevisions.php
@@ -57,9 +57,9 @@ class FewestrevisionsPage extends QueryPage {
 
 		$plink = $skin->makeKnownLinkObj( $nt, $text );
 
-		$nl = wfMsgExt( 'nrevisions', array( 'parsemag', 'escape'),
+		$nl = wfMsgExt( 'nrevisions', array( 'parsemag', 'escape' ),
 			$wgLang->formatNum( $result->value ) );
-		$redirect = $result->redirect ? ' - ' . wfMsg( 'isredirect' ) : '';
+		$redirect = $result->redirect ? ' - ' . wfMsgHtml( 'isredirect' ) : '';
 		$nlink = $skin->makeKnownLinkObj( $nt, $nl, 'action=history' ) . $redirect;
 
 
diff --git a/includes/specials/SpecialIpblocklist.php b/includes/specials/SpecialIpblocklist.php
index 02d862f21e..78126d4545 100644
--- a/includes/specials/SpecialIpblocklist.php
+++ b/includes/specials/SpecialIpblocklist.php
@@ -384,11 +384,10 @@ class IPUnblockForm {
 		if( is_null( $msg ) ) {
 			$msg = array();
 			$keys = array( 'infiniteblock', 'expiringblock', 'unblocklink', 'change-blocklink',
-				'anononlyblock', 'createaccountblock', 'noautoblockblock', 'emailblock', 'blocklist-nousertalk' );
+				'anononlyblock', 'createaccountblock', 'noautoblockblock', 'emailblock', 'blocklist-nousertalk', 'blocklistline' );
 			foreach( $keys as $key ) {
 				$msg[$key] = wfMsgHtml( $key );
 			}
-			$msg['blocklistline'] = wfMsg( 'blocklistline' );
 		}
 
 		# Prepare links to the blocker's user and talk pages
@@ -405,7 +404,7 @@ class IPUnblockForm {
 				. $sk->userToolLinks( $block->mUser, $block->mAddress, false, Linker::TOOL_LINKS_NOBLOCK );
 		}
 
-		$formattedTime = $wgLang->timeanddate( $block->mTimestamp, true );
+		$formattedTime = htmlspecialchars( $wgLang->timeanddate( $block->mTimestamp, true ) );
 
 		$properties = array();
 		$properties[] = Block::formatExpiry( $block->mExpiry );
@@ -443,7 +442,7 @@ class IPUnblockForm {
 
 			# Create changeblocklink for all blocks with exception of autoblocks
 			if( !$block->mAuto ) {
-				$changeblocklink = wfMsg( 'pipe-separator' ) .
+				$changeblocklink = wfMsgExt( 'pipe-separator', 'escapenoentities' ) .
 					$sk->link( SpecialPage::getTitleFor( 'Blockip', $block->mAddress ), 
 						$msg['change-blocklink'],
 						array(), array(), 'known' );
@@ -451,7 +450,7 @@ class IPUnblockForm {
 			$toolLinks = "($unblocklink$changeblocklink)";
 		}
 
-		$comment = $sk->commentBlock( $block->mReason );
+		$comment = $sk->commentBlock( htmlspecialchars($block->mReason) );
 
 		$s = "{$line} $comment";
 		if ( $block->mHideName )
diff --git a/includes/specials/SpecialListfiles.php b/includes/specials/SpecialListfiles.php
index fa23649a94..d3ad50e0ef 100644
--- a/includes/specials/SpecialListfiles.php
+++ b/includes/specials/SpecialListfiles.php
@@ -127,7 +127,7 @@ class ImageListPager extends TablePager {
 		global $wgLang;
 		switch ( $field ) {
 			case 'img_timestamp':
-				return $wgLang->timeanddate( $value, true );
+				return htmlspecialchars( $wgLang->timeanddate( $value, true ) );
 			case 'img_name':
 				static $imgfile = null;
 				if ( $imgfile === null ) $imgfile = wfMsg( 'imgfile' );
diff --git a/includes/specials/SpecialListgrouprights.php b/includes/specials/SpecialListgrouprights.php
index 06652d31d4..b5c358ae7b 100644
--- a/includes/specials/SpecialListgrouprights.php
+++ b/includes/specials/SpecialListgrouprights.php
@@ -41,7 +41,7 @@ class SpecialListGroupRights extends SpecialPage {
 		);
 
 		foreach( $wgGroupPermissions as $group => $permissions ) {
-			$groupname = ( $group == '*' ) ? 'all' : htmlspecialchars( $group ); // Replace * with a more descriptive groupname
+			$groupname = ( $group == '*' ) ? 'all' : $group; // Replace * with a more descriptive groupname
 
 			$msg = wfMsg( 'group-' . $groupname );
 			if ( wfEmptyMsg( 'group-' . $groupname, $msg ) || $msg == '' ) {
@@ -59,9 +59,9 @@ class SpecialListGroupRights extends SpecialPage {
 
 			if( $group == '*' ) {
 				// Do not make a link for the generic * group
-				$grouppage = $groupnameLocalized;
+				$grouppage = htmlspecialchars($groupnameLocalized);
 			} else {
-				$grouppage = $this->skin->makeLink( $grouppageLocalized, $groupnameLocalized );
+				$grouppage = $this->skin->makeLink( $grouppageLocalized, htmlspecialchars($groupnameLocalized) );
 			}
 
 			if ( $group === 'user' ) {
diff --git a/includes/specials/SpecialListusers.php b/includes/specials/SpecialListusers.php
index eafc05432f..d39ea4083a 100644
--- a/includes/specials/SpecialListusers.php
+++ b/includes/specials/SpecialListusers.php
@@ -135,7 +135,7 @@ class UsersPager extends AlphabeticPager {
 		global $wgEdititis;
 		if ( $wgEdititis ) {
 			$editCount = $wgLang->formatNum( $row->edits );
-			$edits = ' [' . wfMsgExt( 'usereditcount', 'parsemag', $editCount ) . ']';
+			$edits = ' [' . wfMsgExt( 'usereditcount', array( 'parsemag', 'escape' ), $editCount ) . ']';
 		} else {
 			$edits = '';
 		}
@@ -145,7 +145,8 @@ class UsersPager extends AlphabeticPager {
 		if( $row->creation ) {
 			$d = $wgLang->date( wfTimestamp( TS_MW, $row->creation ), true );
 			$t = $wgLang->time( wfTimestamp( TS_MW, $row->creation ), true );
-			$created = ' (' . wfMsgHtml( 'usercreated', $d, $t ) . ')';
+			$created = ' (' . wfMsg( 'usercreated', $d, $t ) . ')';
+			$created = htmlspecialchars( $created );
 		}
 
 		wfRunHooks( 'SpecialListusersFormatRow', array( &$item, $row ) );
@@ -251,7 +252,7 @@ class UsersPager extends AlphabeticPager {
 	protected static function buildGroupLink( $group ) {
 		static $cache = array();
 		if( !isset( $cache[$group] ) )
-			$cache[$group] = User::makeGroupLinkHtml( $group, User::getGroupMember( $group ) );
+			$cache[$group] = User::makeGroupLinkHtml( $group, htmlspecialchars( User::getGroupMember( $group ) ) );
 		return $cache[$group];
 	}
 }
diff --git a/includes/specials/SpecialNewimages.php b/includes/specials/SpecialNewimages.php
index 3922712f85..511cc3a71a 100644
--- a/includes/specials/SpecialNewimages.php
+++ b/includes/specials/SpecialNewimages.php
@@ -128,7 +128,7 @@ function wfSpecialNewimages( $par, $specialPage ) {
 		$nt = Title::newFromText( $name, NS_FILE );
 		$ul = $sk->link( Title::makeTitle( NS_USER, $ut ), $ut );
 
-		$gallery->add( $nt, "$ul<br />\n<i>".$wgLang->timeanddate( $s->img_timestamp, true )."</i><br />\n" );
+		$gallery->add( $nt, "$ul<br />\n<i>".htmlspecialchars($wgLang->timeanddate( $s->img_timestamp, true ))."</i><br />\n" );
 
 		$timestamp = wfTimestamp( TS_MW, $s->img_timestamp );
 		if( empty( $firstTimestamp ) ) {
@@ -170,7 +170,7 @@ function wfSpecialNewimages( $par, $specialPage ) {
 	$now = wfTimestampNow();
 	$d = $wgLang->date( $now, true );
 	$t = $wgLang->time( $now, true );
-	$dateLink = $sk->makeKnownLinkObj( $titleObj, wfMsgHtml( 'sp-newimages-showfrom', $d, $t ), 
+	$dateLink = $sk->makeKnownLinkObj( $titleObj, htmlspecialchars( wfMsg( 'sp-newimages-showfrom', $d, $t ) ), 
 		'from='.$now.$botpar.$searchpar );
 
 	$botLink = $sk->makeKnownLinkObj($titleObj, wfMsgHtml( 'showhidebots', 
diff --git a/includes/specials/SpecialNewpages.php b/includes/specials/SpecialNewpages.php
index e85238c9e4..c970fdf0f8 100644
--- a/includes/specials/SpecialNewpages.php
+++ b/includes/specials/SpecialNewpages.php
@@ -254,7 +254,7 @@ class SpecialNewpages extends SpecialPage {
 		$dm = $wgContLang->getDirMark();
 
 		$title = Title::makeTitleSafe( $result->rc_namespace, $result->rc_title );
-		$time = $wgLang->timeAndDate( $result->rc_timestamp, true );
+		$time = htmlspecialchars( $wgLang->timeAndDate( $result->rc_timestamp, true ) );
 		$query = $this->patrollable( $result ) ? "rcid={$result->rc_id}&redirect=no" : 'redirect=no';
 		$plink = $this->skin->makeKnownLinkObj( $title, '', $query );
 		$hist = $this->skin->makeKnownLinkObj( $title, wfMsgHtml( 'hist' ), 'action=history' );
diff --git a/includes/specials/SpecialPrefixindex.php b/includes/specials/SpecialPrefixindex.php
index 55e39cf1d0..0d95e5fc89 100644
--- a/includes/specials/SpecialPrefixindex.php
+++ b/includes/specials/SpecialPrefixindex.php
@@ -170,7 +170,7 @@ class SpecialPrefixindex extends SpecialAllpages {
 						$nsForm .
 					'</td>
 					<td id="mw-prefixindex-nav-form">' .
-						$sk->makeKnownLinkObj( $self, wfMsg ( 'allpages' ) );
+						$sk->makeKnownLinkObj( $self, wfMsgHtml( 'allpages' ) );
 
 			if( isset( $res ) && $res && ( $n == $this->maxPerPage ) && ( $s = $res->fetchObject() ) ) {
 				$namespaceparam = $namespace ? "&namespace=$namespace" : "";
diff --git a/includes/specials/SpecialProtectedpages.php b/includes/specials/SpecialProtectedpages.php
index aeb1d7b9c1..1b12970c76 100644
--- a/includes/specials/SpecialProtectedpages.php
+++ b/includes/specials/SpecialProtectedpages.php
@@ -86,7 +86,7 @@ class ProtectedPagesForm {
 			$expiry_description = wfMsg( 'protect-expiring' , $wgLang->timeanddate( $expiry ) , 
 				$wgLang->date( $expiry ) , $wgLang->time( $expiry ) );
 
-			$description_items[] = $expiry_description;
+			$description_items[] = htmlspecialchars($expiry_description);
 		}
 
 		if(!is_null($size = $row->page_len)) {
diff --git a/includes/specials/SpecialRecentchangeslinked.php b/includes/specials/SpecialRecentchangeslinked.php
index 38f79dbca1..59e6bf7cdc 100644
--- a/includes/specials/SpecialRecentchangeslinked.php
+++ b/includes/specials/SpecialRecentchangeslinked.php
@@ -171,7 +171,7 @@ class SpecialRecentchangeslinked extends SpecialRecentchanges {
 		$opts->consumeValues( array( 'showlinkedto', 'target' ) );
 		$extraOpts = array();
 		$extraOpts['namespace'] = $this->namespaceFilterForm( $opts );
-		$extraOpts['target'] = array( wfMsg( 'recentchangeslinked-page' ),
+		$extraOpts['target'] = array( wfMsgHtml( 'recentchangeslinked-page' ),
 			Xml::input( 'target', 40, str_replace('_',' ',$opts['target']) ) .
 			Xml::check( 'showlinkedto', $opts['showlinkedto'], array('id' => 'showlinkedto') ) . ' ' .
 			Xml::label( wfMsg("recentchangeslinked-to"), 'showlinkedto' ) );
diff --git a/includes/specials/SpecialResetpass.php b/includes/specials/SpecialResetpass.php
index 059f8dbd53..dd8b9dd023 100644
--- a/includes/specials/SpecialResetpass.php
+++ b/includes/specials/SpecialResetpass.php
@@ -142,7 +142,7 @@ class SpecialResetpass extends SpecialPage {
 			if ( $type != 'text' )
 				$out .= Xml::label( wfMsg( $label ), $name );
 			else 
-				$out .=  wfMsg( $label );
+				$out .=  wfMsgHtml( $label );
 			$out .= '</td>';
 			$out .= "<td class='mw-input'>";
 			$out .= $field;
diff --git a/includes/specials/SpecialRevisiondelete.php b/includes/specials/SpecialRevisiondelete.php
index 68f4f875da..87f5e09815 100644
--- a/includes/specials/SpecialRevisiondelete.php
+++ b/includes/specials/SpecialRevisiondelete.php
@@ -701,7 +701,7 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
 	private function logLine( $row ) {
 		global $wgLang;
 
-		$date = $wgLang->timeanddate( $row->log_timestamp );
+		$date = htmlspecialchars( $wgLang->timeanddate( $row->log_timestamp ) );
 		$paramArray = LogPage::extractParams( $row->log_params );
 		$title = Title::makeTitle( $row->log_namespace, $row->log_title );
 
diff --git a/includes/specials/SpecialUndelete.php b/includes/specials/SpecialUndelete.php
index 3a3e5719bd..47d6060544 100644
--- a/includes/specials/SpecialUndelete.php
+++ b/includes/specials/SpecialUndelete.php
@@ -897,7 +897,7 @@ class UndeleteForm {
 					$targetPage,
 					wfMsgHtml(
 						'revisionasof',
-						$wgLang->timeanddate( $rev->getTimestamp(), true )
+						htmlspecialchars( $wgLang->timeanddate( $rev->getTimestamp(), true ) )
 					),
 					array(),
 					$targetQuery
@@ -1150,7 +1150,7 @@ class UndeleteForm {
 			}
 		} else {
 			$checkBox = '';
-			$pageLink = $wgLang->timeanddate( $ts, true );
+			$pageLink = htmlspecialchars( $wgLang->timeanddate( $ts, true ) );
 			$last = wfMsgHtml('diff');
 		}
 		$userLink = $sk->revUserTools( $rev );
@@ -1224,10 +1224,12 @@ class UndeleteForm {
 	function getPageLink( $rev, $titleObj, $ts, $sk ) {
 		global $wgLang;
 
+		$time = htmlspecialchars( $wgLang->timeanddate( $ts, true ) );
+
 		if( !$rev->userCan(Revision::DELETED_TEXT) ) {
-			return '<span class="history-deleted">' . $wgLang->timeanddate( $ts, true ) . '</span>';
+			return '<span class="history-deleted">' . $time . '</span>';
 		} else {
-			$link = $sk->makeKnownLinkObj( $titleObj, $wgLang->timeanddate( $ts, true ),
+			$link = $sk->makeKnownLinkObj( $titleObj, $time,
 				"target=".$this->mTargetObj->getPrefixedUrl()."&timestamp=$ts" );
 			if( $rev->isDeleted(Revision::DELETED_TEXT) )
 				$link = '<span class="history-deleted">' . $link . '</span>';
diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php
index a25c614f23..3b98da6716 100644
--- a/includes/specials/SpecialUserrights.php
+++ b/includes/specials/SpecialUserrights.php
@@ -421,7 +421,7 @@ class UserrightsPage extends SpecialPage {
 	private static function buildGroupLink( $group ) {
 		static $cache = array();
 		if( !isset( $cache[$group] ) )
-			$cache[$group] = User::makeGroupLinkHtml( $group, User::getGroupName( $group ) );
+			$cache[$group] = User::makeGroupLinkHtml( $group, htmlspecialchars( User::getGroupName( $group ) ) );
 		return $cache[$group];
 	}
 	
-- 
2.20.1