summaryrefslogtreecommitdiff
path: root/includes/specials/SpecialRestrictUser.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials/SpecialRestrictUser.php')
-rw-r--r--includes/specials/SpecialRestrictUser.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/specials/SpecialRestrictUser.php b/includes/specials/SpecialRestrictUser.php
index 761e0cd6..b946cde8 100644
--- a/includes/specials/SpecialRestrictUser.php
+++ b/includes/specials/SpecialRestrictUser.php
@@ -37,7 +37,8 @@ function wfSpecialRestrictUser( $par = null ) {
class RestrictUserForm {
public static function selectUserForm( $val = null, $error = null ) {
global $wgScript, $wgTitle;
- $s = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . "<form action=\"{$wgScript}\">";
+ $action = htmlspecialchars( $wgScript );
+ $s = Xml::fieldset( wfMsg( 'restrictuser-userselect' ) ) . "<form action=\"{$action}\">";
if( $error )
$s .= '<p>' . $error . '</p>';
$s .= Xml::hidden( 'title', $wgTitle->getPrefixedDbKey() );