From efc3bcf6cab160cbf08c2dd1825e93ef32abf56f Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 22 Aug 2005 06:31:57 +0000 Subject: [PATCH] * (bug 3220) Fix escaping of block URLs in Recentchanges Username with & would be cut off in the resulting form. Also did some corrective escaping on username links for XML validation --- RELEASE-NOTES | 1 + includes/ChangesList.php | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a841a478e1..988bf2481a 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -43,6 +43,7 @@ Misc work going on..... * (bug 1956) Hide bot uploads from Special:Newimages * (bug 3216) Don't show empty warning page when no warnings. * (bug 3218) Use proper quoting on history Compare Revisions button +* (bug 3220) Fix escaping of block URLs in Recentchanges === Caveats === diff --git a/includes/ChangesList.php b/includes/ChangesList.php index 1b83947f44..62761e3b24 100644 --- a/includes/ChangesList.php +++ b/includes/ChangesList.php @@ -365,7 +365,7 @@ class ChangesList { $rc_user_text, 'target=' . $rc_user_text ); } else { $userPage =& Title::makeTitle( NS_USER, $rc_user_text ); - $userLink = $this->skin->makeLinkObj( $userPage, $rc_user_text ); + $userLink = $this->skin->makeLinkObj( $userPage, htmlspecialchars( $rc_user_text ) ); } $s .= $userLink; @@ -376,14 +376,14 @@ class ChangesList { $userTalkLink = ''; } else { $userTalkPage =& Title::makeTitle( NS_USER_TALK, $rc_user_text ); - $userTalkLink= $this->skin->makeLinkObj( $userTalkPage, $talkname ); + $userTalkLink= $this->skin->makeLinkObj( $userTalkPage, htmlspecialchars( $talkname ) ); } # Block link $blockLink=''; if ( ( $wgSysopUserBans || 0 == $rc_user ) && $wgUser->isAllowed('block') ) { $blockLinkPage = Title::makeTitle( NS_SPECIAL, 'Blockip' ); $blockLink = $this->skin->makeKnownLinkObj( $blockLinkPage, - $message['blocklink'], 'ip='.$rc_user_text ); + htmlspecialchars( $message['blocklink'] ), 'ip=' . urlencode( $rc_user_text ) ); } if($blockLink) { -- 2.20.1