From 9926988bb819f308a99cc55a0ca4eb26d47d889e Mon Sep 17 00:00:00 2001 From: Timo Tijhof Date: Tue, 28 Apr 2015 06:51:25 +0100 Subject: [PATCH] thumb.php: Escape $rel404 in error message Bug: T97391 Change-Id: I363686732fe9e5636c85c267c0728fc872c3e39d --- thumb.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/thumb.php b/thumb.php index 2ea3f07..8549f58 100644 --- a/thumb.php +++ b/thumb.php @@ -286,7 +286,7 @@ function wfStreamThumb( array $params ) { } return; } else { - wfThumbError( 404, "The given path of the specified thumbnail is incorrect; + wfThumbErrorText( 404, "The given path of the specified thumbnail is incorrect; expected '" . $img->getThumbRel( $thumbName ) . "' but got '" . rawurldecode( $rel404 ) . "'." ); return; @@ -544,14 +544,26 @@ function wfExtractThumbParams( $file, $params ) { return null; } + +/** + * Output a thumbnail generation error message + * + * @param int $status + * @param string $msg Plain text (will be html escaped) + * @return void + */ +function wfThumbErrorText( $status, $msgText ) { + return wfThumbError( $status, htmlspecialchars( $msgText ) ); +} + /** * Output a thumbnail generation error message * * @param int $status - * @param string $msg HTML + * @param string $msgHtml HTML * @return void */ -function wfThumbError( $status, $msg ) { +function wfThumbError( $status, $msgHtml ) { global $wgShowHostnames; header( 'Cache-Control: no-cache' ); @@ -583,7 +595,7 @@ function wfThumbError( $status, $msg ) {
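Review bot: Only the 404 path call in the first hunk (`@@ -286,7 +286,7 @@`) is switched to `wfThumbErrorText`, while `wfThumbError` keeps accepting raw HTML, so any other call that builds its message from request-derived values would still reach the page unescaped. The diff shows no other call sites, so this cannot be confirmed from here; a search for `wfThumbError(` across thumb.php would show whether T97391 is fully closed. `wfStreamThumb` starts and ends outside the hunk, so the code around this branch was not reviewed.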
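Review bot: In the second hunk (`@@ -544,14 +544,26 @@`), `htmlspecialchars( $msgText )` relies on PHP's default flags and charset. The one caller in this patch passes `rawurldecode( $rel404 )`, which can contain bytes that are not valid UTF-8; where the defaults lack `ENT_SUBSTITUTE`, `htmlspecialchars` returns an empty string for such input and the 404 page would carry no message. That fails safe, but explicit flags such as `htmlspecialchars( $msgText, ENT_QUOTES | ENT_SUBSTITUTE )`, where the supported PHP versions allow it, would make the escaping independent of runtime defaults. The new docblock also documents `$msg` although the parameter is `$msgText`; it should read `@param string $msgText Plain text (will be HTML-escaped)`. Since the function is documented `@return void`, a plain `wfThumbError( ... );` call would match the docblock better than `return wfThumbError( ... );`.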

Error generating thumbnail

-$msg +$msgHtml

$debug -- 2.3.5