From 3d92394be2570f9f49c7904cacc2bc8d790e72f2 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Fri, 30 May 2014 06:21:55 +0200
Subject: Update to MediaWiki 1.22.7

---
 includes/specials/SpecialPasswordReset.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'includes/specials')

diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php
index c486ba01..d9faacca 100644
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -208,7 +208,8 @@ class SpecialPasswordReset extends FormSpecialPage {
 		$firstUser = $users[0];
 
 		if ( !$firstUser instanceof User || !$firstUser->getID() ) {
-			return array( array( 'nosuchuser', $data['Username'] ) );
+			// Don't parse username as wikitext (bug 65501)
+			return array( array( 'nosuchuser', wfEscapeWikiText( $data['Username'] ) ) );
 		}
 
 		// Check against the rate limiter
@@ -235,7 +236,7 @@ class SpecialPasswordReset extends FormSpecialPage {
 		// All the users will have the same email address
 		if ( $firstUser->getEmail() == '' ) {
 			// This won't be reachable from the email route, so safe to expose the username
-			return array( array( 'noemail', $firstUser->getName() ) );
+			return array( array( 'noemail', wfEscapeWikiText( $firstUser->getName() ) ) );
 		}
 
 		// We need to have a valid IP address for the hook, but per bug 18347, we should
-- 
cgit v1.2.3-54-g00ecf