From b98bf01e34c05026f4a86dd3b5e9475fafba8c9a Mon Sep 17 00:00:00 2001
From: grunny
Date: Tue, 23 Jun 2015 12:12:23 +1000
Subject: [PATCH] SECURITY: Fix XSS in TemplateInForm
Bug: T103391
---
 includes/SF_TemplateInForm.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/includes/SF_TemplateInForm.php b/includes/SF_TemplateInForm.php
index 4fa5e58..9fc63ed 100644
--- a/includes/SF_TemplateInForm.php
+++ b/includes/SF_TemplateInForm.php
@@ -222,19 +222,25 @@ class SFTemplateInForm {
 }
 function creationHTML( $template_num ) {
- $checked_str = ( $this->mAllowMultiple ) ? "checked" : "";
+ $checked_attribs = ( $this->mAllowMultiple ) ? array( 'checked' => 'checked' ) : array();
 $template_str = wfMessage( 'sf_createform_template' )->escaped();
 $template_label_input = wfMessage( 'sf_createform_templatelabelinput' )->escaped();
 $allow_multiple_text = wfMessage( 'sf_createform_allowmultiple' )->escaped();
- $text = <<
-
-

$template_str '$this->mTemplateName'

-

$template_label_input

-

$allow_multiple_text

-
+ $text = Html::hidden( "template_$template_num", $this->mTemplateName ); + $text .= '
'; + $text .= Html::element( 'h2', array(), "$template_str '$this->mTemplateName'" ); + $text .= Html::rawElement( + 'p', + array(), + $template_label_input . Html::input( "label_$template_num", $this->mLabel, 'text', array( 'size' => 25 ) ) + ); + $text .= Html::rawElement( + 'p', + array(), + Html::input( "allow_multiple_$template_num", '', 'checkbox', $checked_attribs ) . $allow_multiple_text + ); + $text .= '
'; -END; foreach ( $this->mFields as $field ) { $text .= $field->creationHTML( $template_num ); } -- 1.9.1
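Review bot: The heading line `$text .= Html::element( 'h2', array(), "$template_str '$this->mTemplateName'" );` double-escapes the message text, because `$template_str` is produced by `wfMessage( 'sf_createform_template' )->escaped()` on the context line above and Html::element escapes its content string again, so an `&`, `<` or quote in a localised message will render as a literal entity. The two `<p>` blocks are consistent, since they pass already-escaped message text to Html::rawElement and let Html::input escape the user-controlled values; only the heading mixes the two conventions. Assuming `$template_str` is not used elsewhere in the method, the smallest fix is `$template_str = wfMessage( 'sf_createform_template' )->text();`, leaving Html::element to escape both the message and `$this->mTemplateName` exactly once. creationHTML continues past the end of the hunk.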