$firstUser = $users[0];
if ( !$firstUser instanceof User || !$firstUser->getID() ) {
- return array( array( 'nosuchuser', $data['Username'] ) );
+ // Don't parse username as wikitext (bug 65501)
+ return array( array( 'nosuchuser', wfEscapeWikiText( $data['Username'] ) ) );
}
// Check against the rate limiter
// All the users will have the same email address
if ( $firstUser->getEmail() == '' ) {
// This won't be reachable from the email route, so safe to expose the username
- return array( array( 'noemail', $firstUser->getName() ) );
+ return array( array( 'noemail', wfEscapeWikiText( $firstUser->getName() ) ) );
}
// We need to have a valid IP address for the hook, but per bug 18347, we should