diff options
Diffstat (limited to 'includes/specials/SpecialPasswordReset.php')
| -rw-r--r-- | includes/specials/SpecialPasswordReset.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index c486ba01..d9faacca 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -208,7 +208,8 @@ class SpecialPasswordReset extends FormSpecialPage { $firstUser = $users[0]; if ( !$firstUser instanceof User || !$firstUser->getID() ) { - return array( array( 'nosuchuser', $data['Username'] ) ); + // Don't parse username as wikitext (bug 65501) + return array( array( 'nosuchuser', wfEscapeWikiText( $data['Username'] ) ) ); } // Check against the rate limiter @@ -235,7 +236,7 @@ class SpecialPasswordReset extends FormSpecialPage { // All the users will have the same email address if ( $firstUser->getEmail() == '' ) { // This won't be reachable from the email route, so safe to expose the username - return array( array( 'noemail', $firstUser->getName() ) ); + return array( array( 'noemail', wfEscapeWikiText( $firstUser->getName() ) ) ); } // We need to have a valid IP address for the hook, but per bug 18347, we should |