Diffstat (limited to 'includes/SkinTemplate.php')
-rw-r--r--includes/SkinTemplate.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index e41b5e7d..2dd00980 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -298,7 +298,11 @@ class SkinTemplate extends Skin {
$tpl->set( 'specialpageattributes', '' ); # obsolete
if ( $userlang !== $wgContLang->getHtmlCode() || $userdir !== $wgContLang->getDir() ) {
- $attrs = " lang='$userlang' dir='$userdir'";
+ $escUserlang = htmlspecialchars( $userlang );
+ $escUserdir = htmlspecialchars( $userdir );
+ // Attributes must be in double quotes because htmlspecialchars() doesn't
+ // escape single quotes
+ $attrs = " lang=\"$escUserlang\" dir=\"$escUserdir\"";
$tpl->set( 'userlangattributes', $attrs );
}
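Review bot: The two new `htmlspecialchars()` calls are only safe while the `lang` and `dir` attributes stay double-quoted, which the added comment records but nothing enforces. Passing the flag explicitly, `$escUserlang = htmlspecialchars( $userlang, ENT_QUOTES );` and the same for `$userdir`, would keep the values safe in either quoting style and would not depend on the PHP version's default flags. Where `$userlang` and `$userdir` are assigned is outside the hunk; if either can be influenced by a request, constraining `$userdir` to `ltr`/`rtl` before it reaches the template would be a cheap second check. The enclosing method starts and ends outside the hunk.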