From ef01612ab6438f6c323bc7336a1054d25e159cb4 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Mon, 3 Sep 2018 22:53:58 -0700
Subject: [PATCH] Fix escaping issues with messages

Notably, content passed to Language::convert() needs to be escaped beforehand.

Spotted by phan-taint-check-plugin.

Change-Id: Id8a5f8bbe635e2f321882296e40dd0c41cf91a3b
---
 includes/TimelessTemplate.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/includes/TimelessTemplate.php b/includes/TimelessTemplate.php
index b961b3c..6f6a600 100644
--- a/includes/TimelessTemplate.php
+++ b/includes/TimelessTemplate.php
@@ -272,15 +272,15 @@ class TimelessTemplate extends BaseTemplate {
 		if ( $part !== 'image' ) {
 			$titleClass = '';
 			if ( $language->hasVariants() ) {
-				$siteTitle = $language->convert( $this->getMsg( 'timeless-sitetitle' )->text() );
+				$siteTitle = $language->convert( $this->getMsg( 'timeless-sitetitle' )->escaped() );
 			} else {
-				$siteTitle = $this->getMsg( 'timeless-sitetitle' )->text();
+				$siteTitle = $this->getMsg( 'timeless-sitetitle' )->escaped();
 			}
 			// width is 11em; 13 characters will probably fit?
 			if ( mb_strlen( $siteTitle ) > 13 ) {
 				$titleClass = 'long';
 			}
-			$html .= Html::element( 'a', [
+			$html .= Html::rawElement( 'a', [
 				'id' => 'p-banner',
 				'class' => [ 'mw-wiki-title', $titleClass ],
 				'href' => $this->data['nav_urls']['mainpage']['href']
@@ -315,7 +315,7 @@ class TimelessTemplate extends BaseTemplate {
 			$html .= Html::rawElement( 'h3', [ 'lang' => $this->get( 'userlang' ), 'dir' => $this->get( 'dir' ) ],
-				Html::rawElement( 'label', [ 'for' => 'searchInput' ], $this->getMsg( 'search' )->text() )
+				Html::rawElement( 'label', [ 'for' => 'searchInput' ], $this->getMsg( 'search' )->escaped() )
 			);
 			$html .= Html::rawElement( 'form', [ 'action' => $this->get( 'wgScript' ), 'id' => 'searchform' ],
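Review bot: Now that `$siteTitle` holds the escaped message, the unchanged `mb_strlen( $siteTitle ) > 13` check in this hunk counts HTML entities rather than visible characters, so a title containing `&`, `<`, `>`, `"` or `'` is inflated by up to five characters per occurrence and can be given the `long` class even though it fits the 11em width. Measure the plain text and keep the escaped value only for output, e.g. `$plainTitle = $this->getMsg( 'timeless-sitetitle' )->text();` followed by `if ( mb_strlen( $plainTitle ) > 13 ) {`. Pairing the escaped input with `Html::rawElement` is consistent as long as `Language::convert()` preserves that escaping, which the commit message asserts but the hunk itself cannot show. The enclosing method begins and ends outside the hunk.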