| Index: trunk/phase3/includes/ProtectionForm.php |
| — | — | @@ -237,7 +237,8 @@ |
| 238 | 238 | $wgOut->showPermissionsErrorPage( $this->mPermErrors ); |
| 239 | 239 | } |
| 240 | 240 | } else { |
| 241 | | - $wgOut->addWikiMsg( 'protect-text', $this->mTitle->getPrefixedText() ); |
| | 241 | + $wgOut->addWikiMsg( 'protect-text', |
| | 242 | + wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ); |
| 242 | 243 | } |
| 243 | 244 | |
| 244 | 245 | $wgOut->addHTML( $this->buildForm() ); |
| Index: trunk/phase3/includes/Article.php |
| — | — | @@ -1439,7 +1439,7 @@ |
| 1440 | 1440 | |
| 1441 | 1441 | if ( !$user->isLoggedIn() && !$ip ) { # User does not exist |
| 1442 | 1442 | $wgOut->wrapWikiMsg( "<div class=\"mw-userpage-userdoesnotexist error\">\n\$1\n</div>", |
| 1443 | | - array( 'userpage-userdoesnotexist-view', $rootPart ) ); |
| | 1443 | + array( 'userpage-userdoesnotexist-view', wfEscapeWikiText( $rootPart ) ) ); |
| 1444 | 1444 | } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked |
| 1445 | 1445 | LogEventsList::showLogExtract( |
| 1446 | 1446 | $wgOut, |
| — | — | @@ -2732,7 +2732,8 @@ |
| 2733 | 2733 | Html::rawElement( |
| 2734 | 2734 | 'div', |
| 2735 | 2735 | array( 'class' => 'error mw-error-cannotdelete' ), |
| 2736 | | - wfMsgExt( 'cannotdelete', array( 'parse' ), $this->mTitle->getPrefixedText() ) |
| | 2736 | + wfMsgExt( 'cannotdelete', array( 'parse' ), |
| | 2737 | + wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) |
| 2737 | 2738 | ) |
| 2738 | 2739 | ); |
| 2739 | 2740 | $wgOut->addHTML( Xml::element( 'h2', null, LogPage::logName( 'delete' ) ) ); |
| — | — | @@ -3000,7 +3001,7 @@ |
| 3001 | 3002 | |
| 3002 | 3003 | $loglink = '[[Special:Log/delete|' . wfMsgNoTrans( 'deletionlog' ) . ']]'; |
| 3003 | 3004 | |
| 3004 | | - $wgOut->addWikiMsg( 'deletedtext', $deleted, $loglink ); |
| | 3005 | + $wgOut->addWikiMsg( 'deletedtext', wfEscapeWikiText( $deleted ), $loglink ); |
| 3005 | 3006 | $wgOut->returnToMain( false ); |
| 3006 | 3007 | } else { |
| 3007 | 3008 | if ( $error == '' ) { |
| — | — | @@ -3008,7 +3009,8 @@ |
| 3009 | 3010 | Html::rawElement( |
| 3010 | 3011 | 'div', |
| 3011 | 3012 | array( 'class' => 'error mw-error-cannotdelete' ), |
| 3012 | | - wfMsgExt( 'cannotdelete', array( 'parse' ), $this->mTitle->getPrefixedText() ) |
| | 3013 | + wfMsgExt( 'cannotdelete', array( 'parse' ), |
| | 3014 | + wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) |
| 3013 | 3015 | ) |
| 3014 | 3016 | ); |
| 3015 | 3017 | |
| Index: trunk/phase3/includes/EditPage.php |
| — | — | @@ -792,7 +792,7 @@ |
| 793 | 793 | $ip = User::isIP( $username ); |
| 794 | 794 | if ( !$user->isLoggedIn() && !$ip ) { # User does not exist |
| 795 | 795 | $wgOut->wrapWikiMsg( "<div class=\"mw-userpage-userdoesnotexist error\">\n$1\n</div>", |
| 796 | | - array( 'userpage-userdoesnotexist', $username ) ); |
| | 796 | + array( 'userpage-userdoesnotexist', wfEscapeWikiText( $username ) ) ); |
| 797 | 797 | } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked |
| 798 | 798 | LogEventsList::showLogExtract( |
| 799 | 799 | $wgOut, |
| Index: trunk/phase3/includes/actions/DeleteAction.php |
| — | — | @@ -204,7 +204,7 @@ |
| 205 | 205 | $this->getOutput()->setPagetitle( wfMsg( 'actioncomplete' ) ); |
| 206 | 206 | $this->getOutput()->addWikiMsg( |
| 207 | 207 | 'deletedtext', |
| 208 | | - $this->getTitle()->getPrefixedText(), |
| | 208 | + wfEscapeWikiText( $this->getTitle()->getPrefixedText() ), |
| 209 | 209 | '[[Special:Log/delete|' . wfMsgNoTrans( 'deletionlog' ) . ']]' |
| 210 | 210 | ); |
| 211 | 211 | $this->getOutput()->returnToMain( false ); |
| Index: trunk/phase3/includes/specials/SpecialUserlogin.php |
| — | — | @@ -696,9 +696,11 @@ |
| 697 | 697 | break; |
| 698 | 698 | case self::NOT_EXISTS: |
| 699 | 699 | if( $wgUser->isAllowed( 'createaccount' ) ) { |
| 700 | | - $this->mainLoginForm( wfMsgExt( 'nosuchuser', 'parseinline', $this->mUsername ) ); |
| | 700 | + $this->mainLoginForm( wfMsgExt( 'nosuchuser', 'parseinline', |
| | 701 | + wfEscapeWikiText( $this->mUsername ) ) ); |
| 701 | 702 | } else { |
| 702 | | - $this->mainLoginForm( wfMsg( 'nosuchusershort', htmlspecialchars( $this->mUsername ) ) ); |
| | 703 | + $this->mainLoginForm( wfMsg( 'nosuchusershort', |
| | 704 | + wfEscapeWikiText( $this->mUsername ) ) ); |
| 703 | 705 | } |
| 704 | 706 | break; |
| 705 | 707 | case self::WRONG_PASS: |
| Index: trunk/phase3/includes/specials/SpecialBlock.php |
| — | — | @@ -486,7 +486,8 @@ |
| 487 | 487 | if( $type == Block::TYPE_USER ){ |
| 488 | 488 | # TODO: why do we not have a User->exists() method? |
| 489 | 489 | if( !$target->getId() ){ |
| 490 | | - return wfMessage( 'nosuchusershort', $target->getName() ); |
| | 490 | + return wfMessage( 'nosuchusershort', |
| | 491 | + wfEscapeWikiText( $target->getName() ) ); |
| 491 | 492 | } |
| 492 | 493 | |
| 493 | 494 | $status = self::checkUnblockSelf( $target ); |
| Index: trunk/phase3/languages/messages/MessagesEn.php |
| — | — | @@ -1090,7 +1090,7 @@ |
| 1091 | 1091 | 'nosuchuser' => 'There is no user by the name "$1". |
| 1092 | 1092 | Usernames are case sensitive. |
| 1093 | 1093 | Check your spelling, or [[Special:UserLogin/signup|create a new account]].', |
| 1094 | | -'nosuchusershort' => 'There is no user by the name "<nowiki>$1</nowiki>". |
| | 1094 | +'nosuchusershort' => 'There is no user by the name "$1". |
| 1095 | 1095 | Check your spelling.', |
| 1096 | 1096 | 'nouserspecified' => 'You have to specify a username.', |
| 1097 | 1097 | 'login-userblocked' => 'This user is blocked. Login not allowed.', |
| — | — | @@ -1319,9 +1319,9 @@ |
| 1320 | 1320 | You can [[Special:Search/{{PAGENAME}}|search for this page title]] in other pages, |
| 1321 | 1321 | or <span class="plainlinks">[{{fullurl:{{#Special:Log}}|page={{FULLPAGENAMEE}}}} search the related logs]</span>.', |
| 1322 | 1322 | 'noarticletextanon' => '{{int:noarticletext}}', # do not translate or duplicate this message to other languages |
| 1323 | | -'userpage-userdoesnotexist' => 'User account "<nowiki>$1</nowiki>" is not registered. |
| | 1323 | +'userpage-userdoesnotexist' => 'User account "$1" is not registered. |
| 1324 | 1324 | Please check if you want to create/edit this page.', |
| 1325 | | -'userpage-userdoesnotexist-view' => 'User account "<nowiki>$1</nowiki>" is not registered.', |
| | 1325 | +'userpage-userdoesnotexist-view' => 'User account "$1" is not registered.', |
| 1326 | 1326 | 'blocked-notice-logextract' => 'This user is currently blocked. |
| 1327 | 1327 | The latest block log entry is provided below for reference:', |
| 1328 | 1328 | 'clearyourcache' => "'''Note: After saving, you may have to bypass your browser's cache to see the changes.''' |
| — | — | @@ -2797,7 +2797,7 @@ |
| 2798 | 2798 | Please confirm that you intend to do this, that you understand the consequences, and that you are doing this in accordance with [[{{MediaWiki:Policy-url}}|the policy]].', |
| 2799 | 2799 | 'actioncomplete' => 'Action complete', |
| 2800 | 2800 | 'actionfailed' => 'Action failed', |
| 2801 | | -'deletedtext' => '"<nowiki>$1</nowiki>" has been deleted. |
| | 2801 | +'deletedtext' => '"$1" has been deleted. |
| 2802 | 2802 | See $2 for a record of recent deletions.', |
| 2803 | 2803 | 'deletedarticle' => 'deleted "[[$1]]"', |
| 2804 | 2804 | 'suppressedarticle' => 'suppressed "[[$1]]"', |
| — | — | @@ -2859,7 +2859,7 @@ |
| 2860 | 2860 | 'protect_expiry_invalid' => 'Expiry time is invalid.', |
| 2861 | 2861 | 'protect_expiry_old' => 'Expiry time is in the past.', |
| 2862 | 2862 | 'protect-unchain-permissions' => 'Unlock further protect options', |
| 2863 | | -'protect-text' => "You may view and change the protection level here for the page '''<nowiki>$1</nowiki>'''.", |
| | 2863 | +'protect-text' => "You may view and change the protection level here for the page '''$1'''.", |
| 2864 | 2864 | 'protect-locked-blocked' => "You cannot change protection levels while blocked. |
| 2865 | 2865 | Here are the current settings for the page '''$1''':", |
| 2866 | 2866 | 'protect-locked-dblock' => "Protection levels cannot be changed due to an active database lock. |