| Index: branches/REL1_14/phase3/includes/specials/SpecialBlockip.php |
| — | — | @@ -525,7 +525,7 @@ |
| 526 | 526 | */ |
| 527 | 527 | private function getContribsLink( $skin ) { |
| 528 | 528 | $contribsPage = SpecialPage::getTitleFor( 'Contributions', $this->BlockAddress ); |
| 529 | | - return $skin->link( $contribsPage, wfMsgHtml( 'ipb-blocklist-contribs', $this->BlockAddress ) ); |
| | 529 | + return $skin->link( $contribsPage, wfMsgExt( 'ipb-blocklist-contribs', 'escape', $this->BlockAddress ) ); |
| 530 | 530 | } |
| 531 | 531 | |
| 532 | 532 | /** |
| Index: branches/REL1_14/phase3/RELEASE-NOTES |
| — | — | @@ -33,6 +33,7 @@ |
| 34 | 34 | * (bug 17832) Fixed action=delete returning 'unknownerror' instead of |
| 35 | 35 | 'permissiondenied' when the user is blocked |
| 36 | 36 | * Fixed performance regression when accessing deleted (archived) files |
| | 37 | +* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block |
| 37 | 38 | |
| 38 | 39 | == Changes since 1.14.0rc1 == |
| 39 | 40 | |
| Index: branches/REL1_15/phase3/includes/specials/SpecialBlockip.php |
| — | — | @@ -632,7 +632,7 @@ |
| 633 | 633 | */ |
| 634 | 634 | private function getContribsLink( $skin ) { |
| 635 | 635 | $contribsPage = SpecialPage::getTitleFor( 'Contributions', $this->BlockAddress ); |
| 636 | | - return $skin->link( $contribsPage, wfMsgHtml( 'ipb-blocklist-contribs', $this->BlockAddress ) ); |
| | 636 | + return $skin->link( $contribsPage, wfMsgExt( 'ipb-blocklist-contribs', 'escape', $this->BlockAddress ) ); |
| 637 | 637 | } |
| 638 | 638 | |
| 639 | 639 | /** |
| Index: branches/REL1_15/phase3/RELEASE-NOTES |
| — | — | @@ -26,6 +26,7 @@ |
| 27 | 27 | ForeignAPIRepo. |
| 28 | 28 | * Fixed the "change password" link on Special:Preferences to have the correct |
| 29 | 29 | returnto parameter. |
| | 30 | +* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block |
| 30 | 31 | |
| 31 | 32 | === Changes since 1.15.0rc1 === |
| 32 | 33 | |