From 571c8c09296c91298e13c437d000ccc0dfab433f Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <alec@vc-celle.de>
Date: Fri, 25 Jun 2021 00:37:32 +0200
Subject: [PATCH] SECURITY: Pass escaped HTML to
 FullSearchResultWidget::buildMeta

Bug: T285515
Change-Id: I771e44af5641f3065141fa3478f68ab05e31d71f
---
 includes/search/searchwidgets/FullSearchResultWidget.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/includes/search/searchwidgets/FullSearchResultWidget.php b/includes/search/searchwidgets/FullSearchResultWidget.php
index 499c3b1630..3820e9de45 100644
--- a/includes/search/searchwidgets/FullSearchResultWidget.php
+++ b/includes/search/searchwidgets/FullSearchResultWidget.php
@@ -60,9 +60,11 @@ class FullSearchResultWidget implements SearchResultWidget {
 		$redirect = $this->generateRedirectHtml( $result );
 		$section = $this->generateSectionHtml( $result );
 		$category = $this->generateCategoryHtml( $result );
-		$date = $this->specialPage->getLanguage()->userTimeAndDate(
-			$result->getTimestamp(),
-			$this->specialPage->getUser()
+		$date = htmlspecialchars(
+			$this->specialPage->getLanguage()->userTimeAndDate(
+				$result->getTimestamp(),
+				$this->specialPage->getUser()
+			)
 		);
 		list( $file, $desc, $thumb ) = $this->generateFileHtml( $result );
 		$snippet = $result->getTextSnippet();
-- 
2.26.1.windows.1