diff options
| author | Pierre Schmitz <pierre@archlinux.de> | 2014-05-30 06:21:55 +0200 |
|---|---|---|
| committer | Pierre Schmitz <pierre@archlinux.de> | 2014-05-30 06:21:55 +0200 |
| commit | 3d92394be2570f9f49c7904cacc2bc8d790e72f2 (patch) | |
| tree | a4d4d6c1db453dd39f2c875797734f13dec6d5a1 /includes/specials | |
| parent | 2e44b49a2db3026050b136de9b00f749dd3ff939 (diff) | |
Update to MediaWiki 1.22.7
Diffstat (limited to 'includes/specials')
| -rw-r--r-- | includes/specials/SpecialPasswordReset.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index c486ba01..d9faacca 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -208,7 +208,8 @@ class SpecialPasswordReset extends FormSpecialPage { $firstUser = $users[0]; if ( !$firstUser instanceof User || !$firstUser->getID() ) { - return array( array( 'nosuchuser', $data['Username'] ) ); + // Don't parse username as wikitext (bug 65501) + return array( array( 'nosuchuser', wfEscapeWikiText( $data['Username'] ) ) ); } // Check against the rate limiter @@ -235,7 +236,7 @@ class SpecialPasswordReset extends FormSpecialPage { // All the users will have the same email address if ( $firstUser->getEmail() == '' ) { // This won't be reachable from the email route, so safe to expose the username - return array( array( 'noemail', $firstUser->getName() ) ); + return array( array( 'noemail', wfEscapeWikiText( $firstUser->getName() ) ) ); } // We need to have a valid IP address for the hook, but per bug 18347, we should |