From 45b68827409204f01840898445a8677dcf080ce2 Mon Sep 17 00:00:00 2001
From: dr0ptp4kt
Date: Tue, 22 Oct 2013 16:46:28 -0700
Subject: [PATCH] Apply output escaping conditionally.
Change-Id: Ie301c3c27c55dfb0f4d3c653785ad0a35a532a95
---
 includes/ZeroSpecialPage.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/ZeroSpecialPage.php b/includes/ZeroSpecialPage.php
index c8fef00..03ea4ac 100644
--- a/includes/ZeroSpecialPage.php
+++ b/includes/ZeroSpecialPage.php
@@ -55,7 +55,9 @@ class ZeroSpecialPage extends UnlistedSpecialPage {
 if ( !array_key_exists( 'warn', $redir ) ) {
 if ( array_key_exists( 'softredirect', $redir ) ) {
 $r = $redir['softredirect'];
- $output = Html::element( 'a', array( 'href' => $r ), $r );
+ $rSafe = preg_match( '/^(http(s?):\/\/|\/\/)/i', $r );
+ $r = $rSafe ? wfUrlencode( $r ) : urlencode( $r );
+ $output = '' . htmlentities( $r ) . '';
 $out->addHTML( $output );
 } else {
 $config = $this->state->getConfig();
-- 
1.8.3.4 (Apple Git-47)
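Review bot: The three added lines use URL-encoding as a stand-in for HTML escaping and hand-build the link, where the removed `Html::element( 'a', array( 'href' => $r ), $r )` already escaped both the attribute and the text; what the old code lacked was a check on the scheme of `$r`, not a different encoder. Running a whole URL through `wfUrlencode()` or `urlencode()` will, as far as I know, percent-encode `?`, `&`, `=` and `%` (and also `:` and `/` in the `urlencode()` branch), so query strings and already-encoded targets come out altered, and a value that fails the `$rSafe` test is still emitted as a link rather than rejected. I would keep the pattern as an allowlist and leave the escaping to the helper: `if ( preg_match( '/^(https?:)?\/\//i', $r ) ) { $out->addHTML( Html::element( 'a', array( 'href' => $r ), $r ) ); }`, with the non-matching case handled explicitly instead of falling through. The quoted literals around `htmlentities( $r )` show as empty on this page, so the exact markup cannot be checked here, and the enclosing method starts and ends outside the hunk, so where `$redir` comes from is not visible.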