From fb6d3a45f881106bb57c59dc496aaf032f809f64 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niklas=20Laxstr=C3=B6m?= <nikerabbit@users.mediawiki.org>
Date: Sat, 10 May 2008 10:10:52 +0000
Subject: [PATCH] * Use Xml:: functions and remove the huge warning about
 escaping

---
 includes/PageHistory.php | 20 +++-----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index 13b021c71d..1710e33f57 100644
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -135,25 +135,11 @@ class PageHistory {
 	 * @return string HTML output
 	 */
 	function beginHistoryList() {
-		global $wgTitle;
+		global $wgTitle, $wgScript;
 		$this->lastdate = '';
 		$s = wfMsgExt( 'histlegend', array( 'parse') );
-		$s .= '<form action="' . $wgTitle->escapeLocalURL( '-' ) . '" method="get">';
-		$prefixedkey = htmlspecialchars($wgTitle->getPrefixedDbKey());
-
-		// The following line is SUPPOSED to have double-quotes around the
-		// $prefixedkey variable, because htmlspecialchars() doesn't escape
-		// single-quotes.
-		//
-		// On at least two occasions people have changed it to single-quotes,
-		// which creates invalid HTML and incorrect display of the resulting
-		// link.
-		//
-		// Please do not break this a third time. Thank you for your kind
-		// consideration and cooperation.
-		//
-		$s .= "<input type='hidden' name='title' value=\"{$prefixedkey}\" />\n";
-
+		$s .= Xml::openElement( 'form', array( 'action' => $wgScript ) );
+		$s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );
 		$s .= $this->submitButton();
 		$s .= '<ul id="pagehistory">' . "\n";
 		return $s;
-- 
2.20.1