Ticket #99 (closed defect: fixed)
Edit notes should be fed through htmlspecialchars
| Reported by: | dartar | Owned by: | unassigned |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.1.6.2 |
| Component: | core | Version: | 1.1.6.1 |
| Severity: | normal | Keywords: | validation |
| Cc: | | | |
Description
I made an edit note: removed a <?php (to much) and got removed a . Perhaps replacing <> would be the better option? --NilsLindenberg
Funny - I just stumbled over the same problem - only in the RecentChanges newsfeed: the <?php causes imbalanced tags there, and thus a syntax error: until that post has "aged" off of the feed, it can't be loaded any more! The validation result clearly shows what the problem is. So yes, edit notes should be fed through htmlspecialchars[_ent]() everywhere they're presented, and that includes the RSS feed! --JavaWoman
And the WikiPing, too :) --NilsLindenberg
Oh, is that what you removed, Nils? I couldn't figure out using history what you did. Where did you take it from? And why? Did I have one more <?php than was necessary? In which code block? --GmBowen
It was at the beginning of mail.php:
<?php <?php
I guess you overlooked it when you copied your new version to the page. Happened to me in another case, too. --NilsLindenberg
Actually, the problem is not just with tags; any XML "special character" is going to cause an XML error. All will need to be escaped to ensure the RSS feeds and pings are valid XML. (We are having a problem again...) --JavaWoman
Status
Fixed now: Code changes in wikka.php (GetPingParams()), actions/recentchanges.php, handlers/page/recentchanges.xml.php, handlers/page/recentchanges.xml.mm.php, handlers/page/revisions.php and handlers/page/revisions.xml.php. Installed on this server as "beta test" so we can watch behavior. --JavaWoman
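The escaping the ticket asks for, as an added illustration that is not Wikka's own code: one helper applied to an edit note before it goes into an RSS item, with a well-formedness check showing why the raw "<?php" note (and a bare ampersand, per JavaWoman's last comment) breaks the feed. The function names and sample notes are mine, not the project's.

```php
<?php
// Added example, not Wikka's code. Names (escape_note, item_is_well_formed)
// and the sample edit notes are constructed for this demonstration.

/**
 * Escape a user-supplied edit note for both HTML pages and XML output
 * (RSS feed, WikiPing payload). ENT_QUOTES also converts quotes, so the
 * result is safe inside attribute values as well as element content.
 */
function escape_note(string $note): string
{
    return htmlspecialchars($note, ENT_QUOTES, 'UTF-8');
}

/** Wrap a note in an RSS <description> element and check it still parses. */
function item_is_well_formed(string $note): bool
{
    $xml = '<item><description>' . $note . '</description></item>';
    libxml_use_internal_errors(true);          // collect errors instead of warnings
    $ok = simplexml_load_string($xml) !== false;
    libxml_clear_errors();
    return $ok;
}

// Constructed notes: the "<?php" case from the ticket (an unterminated XML
// processing instruction), and a bare ampersand, which is equally illegal
// in XML even though it is not a tag.
$notes = [
    'removed a <?php (too much)',
    'merged Tom & Jerry sections',
];

// For each note, report whether the raw and the escaped item parse.
foreach ($notes as $note) {
    printf("%-32s raw: %s  escaped: %s\n",
        $note,
        item_is_well_formed($note) ? 'well-formed' : 'MALFORMED',
        item_is_well_formed(escape_note($note)) ? 'well-formed' : 'MALFORMED');
}
```

The same helper output is also correct inside the HTML page view, which is why escaping once at every presentation point, rather than stripping tags, is the fix the ticket settled on.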