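--- a/trunk/phpwiki/newcodebase/SpecialAsksql.php
+++ b/trunk/phpwiki/newcodebase/SpecialAsksql.php
@@ -84,7 +84,7 @@
 
 $r = "<table border=1 bordercolor=black cellspacing=0 " .
 "cellpadding=2><tr>\n";
-foreach ( $k as $x ) $r .= "<th>{$x}</th>";
+foreach ( $k as $x ) $r .= "<th>" . htmlspecialchars( $x ) . "</th>";
 $r .= "</tr>\n";
 
 foreach ( $a as $y ) {
@@ -92,8 +92,11 @@
 foreach ( $k as $x ) {
 $o = $y->$x ;
 if ( $x == "cur_title" or $x == "old_title" ) {
-$o = str_replace ( "$1" , $o , $wgArticlePath ) ;
-$o = "<a href=\"{$o}\" class='internal'>{$y->$x}</a>" ;
+$o = str_replace ( "$1" , rawurlencode( $o ) , $wgArticlePath ) ;
+$o = "<a href=\"{$o}\" class='internal'>" .
+htmlspecialchars( $y->$x ) . "</a>" ;
+} else {
+$o = htmlspecialchars( $o );
 }
 $r .= "<td>" . $o . "</td>\n";
 }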
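Review bot: The href attribute built on the new line `$o = "<a href=\"{$o}\" class='internal'>" .` is emitted without HTML escaping: rawurlencode() makes the substituted title safe, but the surrounding `$wgArticlePath` template is copied verbatim, so an article path containing `&` (a query-string style path) yields a raw ampersand inside the attribute. Presumably `$wgArticlePath` is site configuration rather than request data, so this is a well-formedness gap rather than an injection, but escaping the assembled value closes it regardless of configuration: `$o = "<a href=\"" . htmlspecialchars( $o ) . "\" class='internal'>" .`. The same pattern applies to the header loop in the first hunk only in that it, too, now relies on htmlspecialchars() with default flags, which is adequate for element content but would not be for a single-quoted attribute. The enclosing function starts before this hunk and continues after it.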
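--- a/trunk/phpwiki/newcodebase/OutputPage.php
+++ b/trunk/phpwiki/newcodebase/OutputPage.php
@@ -528,10 +528,10 @@
 $this->setRobotpolicy( "noindex,nofollow" );
 $this->setArticleFlag( false );
 
-$msg = str_replace( "$1", wfLastDBquery(), wfMsg( "dberrortext" ) );
-$msg = str_replace( "$2", $fname, $msg );
+$msg = str_replace( "$1", htmlspecialchars( wfLastDBquery() ), wfMsg( "dberrortext" ) );
+$msg = str_replace( "$2", htmlspecialchars( $fname ), $msg );
 $msg = str_replace( "$3", wfLastErrno(), $msg );
-$msg = str_replace( "$4", wfLastError(), $msg );
+$msg = str_replace( "$4", htmlspecialchars( wfLastError() ), $msg );
 
 $sk = $wgUser->getSkin();
 $shlink = $sk->makeKnownLink( wfMsg( "searchhelppage" ),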
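Review bot: The four chained str_replace() calls each operate on the output of the previous one, so text inserted for `$1` (the failed query, which may carry user-supplied content) that happens to contain the literal sequence `$2`, `$3` or `$4` is rewritten again by the later calls. This predates the commit, but since every line is being touched anyway a single-pass substitution removes the hazard: `$msg = strtr( wfMsg( "dberrortext" ), array( "$1" => htmlspecialchars( wfLastDBquery() ), "$2" => htmlspecialchars( $fname ), "$3" => wfLastErrno(), "$4" => htmlspecialchars( wfLastError() ) ) );`. The unchanged `$3` line is also the only placeholder left unescaped; wfLastErrno() presumably returns a numeric code, so wrapping it as well costs nothing and keeps the block uniform. The enclosing method starts before this hunk and continues after it.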