http://www.mediawiki.org/wiki/Special:Code/MediaWiki/56278
Revision: 56278
Author: aaron
Date: 2009-09-13 19:30:53 +0000 (Sun, 13 Sep 2009)
Log Message:
-----------
Escape $reason in html
Modified Paths:
--------------
trunk/extensions/ConfirmAccount/ConfirmAccount_body.php
Modified: trunk/extensions/ConfirmAccount/ConfirmAccount_body.php
===================================================================
--- trunk/extensions/ConfirmAccount/ConfirmAccount_body.php 2009-09-13
19:11:50 UTC (rev 56277)
+++ trunk/extensions/ConfirmAccount/ConfirmAccount_body.php 2009-09-13
19:30:53 UTC (rev 56278)
@@ -217,7 +217,8 @@
$datim = $wgLang->timeanddate( wfTimestamp(TS_MW,
$row->acr_rejected), true );
$date = $wgLang->date( wfTimestamp(TS_MW,
$row->acr_rejected), true );
$time = $wgLang->time( wfTimestamp(TS_MW,
$row->acr_rejected), true );
- $reason = $row->acr_comment ? $row->acr_comment :
wfMsgHtml('confirmaccount-noreason');
+ $reason = $row->acr_comment ?
+ htmlspecialchars($row->acr_comment) :
wfMsgHtml('confirmaccount-noreason');
# Auto-rejected requests have a user ID of zero
if( $row->acr_user ) {
$wgOut->addHTML('<p><b>'.wfMsgExt(
'confirmaccount-reject', array('parseinline'),
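Review bot: The escape is applied where `$reason` is assigned, so from that line on the variable holds HTML rather than the raw comment, and nothing in its name or in a comment says so. A one-line comment above the assignment, such as `# $reason is HTML-escaped from here on; do not escape it again or use it as plain text`, would keep a later edit from double-escaping it or treating it as raw. The `wfMsgExt( 'confirmaccount-reject', array('parseinline'), …` call is cut off at the end of the hunk, so I can't tell whether `$reason` is also passed there as a message parameter; if it is, that path should get the unescaped text. Separately, `$row->acr_comment ?` is a truthiness test, so a stored comment of `0` falls through to the no-reason message; `$row->acr_comment !== '' && $row->acr_comment !== null` would avoid that.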
@@ -225,7 +226,7 @@
$wgOut->addHTML( '<p><strong>' .
wfMsgHtml('confirmaccount-rational') . '</strong><i> ' .
$reason . '</i></p>' );
} else {
- $wgOut->addHTML( '<p><i> ' . $reason .
'</i></p>' );
+ $wgOut->addHTML( "<p><i> $reason </i></p>" );
}
} else if( $row->acr_held ) {
$datim = $wgLang->timeanddate( wfTimestamp(TS_MW,
$row->acr_held), true );
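Review bot: The held branch that opens at the bottom of this hunk (`} else if( $row->acr_held ) {`) continues outside it, and if it builds its own `$reason` from `$row->acr_comment` the way the rejected branch did, it needs the same `htmlspecialchars()` call. It is worth checking every place in this file that outputs `acr_comment`. On the changed line itself, the switch to `"<p><i> $reason </i></p>"` is a style change unrelated to the escaping. It departs from the concatenation used by the sibling `addHTML` call just above, adds a space before `</i>`, and makes it easier to miss that the interpolated value must already be HTML-safe. Keeping `'<p><i> ' . $reason . '</i></p>'` would leave the security fix as the only change in the commit.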