Fix escaping in Special:GadgetUsage.

wfEscapeWikiText() is incorrect in this context. It escapes HTML, but also escapes a whole bunch of other stuff that is not needed here Also: Prefer html::element for escaping, because it makes it easier to see at a glance everything is escaped. Change-Id: I91b0722ea98f1e20339c7e0aa839c1073b778ed5
2024-11-28 17:20:18 +00:00 · 2015-10-27 03:23:42 -06:00 · 2015-10-27 03:23:42 -06:00 · 246329b7fc
parent e009534e5c
commit 246329b7fc
1 changed files with 5 additions and 5 deletions
--- a/SpecialGadgetUsage.php
+++ b/SpecialGadgetUsage.php
@ -71,7 +71,7 @@ class SpecialGadgetUsage extends QueryPage {
 		$headers = array( 'gadgetusage-gadget', 'gadgetusage-usercount' );
 		foreach( $headers as $h ) {
-			$html .= Html::rawElement( 'th', array(), $this->msg( $h )->escaped() );
+			$html .= Html::element( 'th', array(), $this->msg( $h )->text() );
 		}
 		$html .= Html::closeElement( 'tr' );
 		$this->getOutput()->addHTML( $html );
@ -80,15 +80,15 @@ class SpecialGadgetUsage extends QueryPage {
 	/**
 	 * @param Skin $skin
 	 * @param object $result Result row
-	 * @return string bool
+	 * @return string|bool String of HTML
 	 */
 	public function formatResult( $skin, $result ) {
-		$gadgetTitle = wfEscapeWikiText( substr( $result->title, 7 ) );
+		$gadgetTitle = substr( $result->title, 7 );
 		$gadgetUserCount = $this->getLanguage()->formatNum( $result->value );
 		if ( $gadgetTitle ) {
 			$html = Html::openElement( 'tr', array() );
-			$html .= Html::rawElement( 'td', array(), $gadgetTitle );
+			$html .= Html::element( 'td', array(), $gadgetTitle );
-			$html .= Html::rawElement( 'td', array(), $gadgetUserCount );
+			$html .= Html::element( 'td', array(), $gadgetUserCount );
 			$html .= Html::closeElement( 'tr' );
 			return $html;
 		}