escaping quotes in breadcrumbs to improve security
authorMilos Dinic <milossh@bitbucket.org>
Fri, 10 Dec 2010 03:41:01 +0100
changeset 45 bbac83daa5ded9bef39ffe8f80e1efc6200f4a60
parent 44 50c8563150e95a72344dff26116c566b326f8cf4
child 46 d14219fa04beaca66f1c82e0289ea1d05a2dac48
push id22
push userzbraniecki@mozilla.com
push dateFri, 10 Dec 2010 02:47:45 +0000
escaping quotes in breadcrumbs to improve security
mediawiki/skins/gmo.php
--- a/mediawiki/skins/gmo.php
+++ b/mediawiki/skins/gmo.php
@@ -195,17 +195,17 @@ class GMOTemplate extends QuickTemplate 
                     <?php
                     $last_piece = end($pieces); /* define a last item in array */
                     $elements_count = count($pieces);
                     $elements_count -= 1;
                     foreach ($pieces as $key => $url) {
                         $label = ucwords($url);
                         $moj_niz = array(0 => "Revision History", 1 => "action=edit");
                         $moj_niz[] = $label; 
-                        $url = htmlspecialchars"http://guides.stage.mozilla.com/";
+                        $url = "http://guides.stage.mozilla.com/";
                         foreach ($moj_niz as $kljuc => $clan) {
                             if(!substr($pieces[i], $clan) >= 0) {
                                 unset($pieces[i]);  /* remove edit page, history revision and such from breadcrumbs */
                                 } 
                             else {}
                         }
                         for ($i = 0; $i <= $key; $i++) {
                             if($i == $elements_count) { $url .= $pieces[$i]; }