diff options
| author | Luke Shumaker <LukeShu@sbcglobal.net> | 2014-06-01 19:12:52 -0400 |
|---|---|---|
| committer | Luke Shumaker <LukeShu@sbcglobal.net> | 2014-06-01 19:12:52 -0400 |
| commit | c2bfd4b6e3ef8436c5963ace9435b4c0555f047f (patch) | |
| tree | 2d0c8f68f18d5f87b3f5bf9980bfcfc3833c4c5e /includes/specials | |
| parent | 3d86add3dfa5e0b3ead9859593d4a52cf7555a34 (diff) | |
| parent | 3d92394be2570f9f49c7904cacc2bc8d790e72f2 (diff) | |
Merge branch 'archwiki'
Diffstat (limited to 'includes/specials')
| -rw-r--r-- | includes/specials/SpecialPasswordReset.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index c486ba01..d9faacca 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -208,7 +208,8 @@ class SpecialPasswordReset extends FormSpecialPage { $firstUser = $users[0]; if ( !$firstUser instanceof User || !$firstUser->getID() ) { - return array( array( 'nosuchuser', $data['Username'] ) ); + // Don't parse username as wikitext (bug 65501) + return array( array( 'nosuchuser', wfEscapeWikiText( $data['Username'] ) ) ); } // Check against the rate limiter @@ -235,7 +236,7 @@ class SpecialPasswordReset extends FormSpecialPage { // All the users will have the same email address if ( $firstUser->getEmail() == '' ) { // This won't be reachable from the email route, so safe to expose the username - return array( array( 'noemail', $firstUser->getName() ) ); + return array( array( 'noemail', wfEscapeWikiText( $firstUser->getName() ) ) ); } // We need to have a valid IP address for the hook, but per bug 18347, we should |