Make sure to normalize invalid character references.

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 26bf20b..1aa4834 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -593,7 +593,9 @@ function wfMsgExt( $key, $options ) {
        if ( in_array('escape', $options) ) {
                $string = htmlspecialchars ( $string );
        } elseif ( in_array( 'escapenoentities', $options ) ) {
-               $string = str_replace( '&', '&', htmlspecialchars( $string ) );
+               $string = htmlspecialchars( $string );
+               $string = str_replace( '&', '&', $string );
+               $string = Sanitizer::normalizeCharReferences( $string );
        }
 
        if( in_array('replaceafter', $options) ) {