From 14f74d141ab5580688bfd46d2f74c026e43ed967 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Wed, 1 Apr 2015 06:11:44 +0200
Subject: Update to MediaWiki 1.24.2

---
 includes/Html.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'includes/Html.php')

diff --git a/includes/Html.php b/includes/Html.php
index 1e16e394..2e148140 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -546,17 +546,20 @@ class Html {
 			} else {
 				// Apparently we need to entity-encode \n, \r, \t, although the
 				// spec doesn't mention that.  Since we're doing strtr() anyway,
-				// and we don't need <> escaped here, we may as well not call
-				// htmlspecialchars().
+				// we may as well not call htmlspecialchars().
 				// @todo FIXME: Verify that we actually need to
 				// escape \n\r\t here, and explain why, exactly.
 				#
 				// We could call Sanitizer::encodeAttribute() for this, but we
 				// don't because we're stubborn and like our marginal savings on
 				// byte size from not having to encode unnecessary quotes.
+				// The only difference between this transform and the one by
+				// Sanitizer::encodeAttribute() is '<' is only encoded here if
+				// $wgWellFormedXml is set, and ' is not encoded.
 				$map = array(
 					'&' => '&amp;',
 					'"' => '&quot;',
+					'>' => '&gt;',
 					"\n" => '&#10;',
 					"\r" => '&#13;',
 					"\t" => '&#9;'
-- 
cgit v1.2.3-54-g00ecf