summaryrefslogtreecommitdiff
path: root/includes/specials/SpecialPasswordReset.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials/SpecialPasswordReset.php')
-rw-r--r--includes/specials/SpecialPasswordReset.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php
index c486ba01..d9faacca 100644
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -208,7 +208,8 @@ class SpecialPasswordReset extends FormSpecialPage {
$firstUser = $users[0];
if ( !$firstUser instanceof User || !$firstUser->getID() ) {
- return array( array( 'nosuchuser', $data['Username'] ) );
+ // Don't parse username as wikitext (bug 65501)
+ return array( array( 'nosuchuser', wfEscapeWikiText( $data['Username'] ) ) );
}
// Check against the rate limiter
@@ -235,7 +236,7 @@ class SpecialPasswordReset extends FormSpecialPage {
// All the users will have the same email address
if ( $firstUser->getEmail() == '' ) {
// This won't be reachable from the email route, so safe to expose the username
- return array( array( 'noemail', $firstUser->getName() ) );
+ return array( array( 'noemail', wfEscapeWikiText( $firstUser->getName() ) ) );
}
// We need to have a valid IP address for the hook, but per bug 18347, we should
generated by cgit v1.2.2 (git 2.25.0) at 2024-04-19 08:33:16 +0000