From befb6475dd2943db3d52965d8fa40fa834576c5d Mon Sep 17 00:00:00 2001
From: BlankEclair <blankeclair@disroot.org>
Date: Thu, 20 Feb 2025 21:13:18 +1100
Subject: [PATCH] SECURITY: Fix various XSSes

Bug: T386908
Change-Id: I86f47103ffb78c671890b44ccd59fcff6613975f
---
 includes/business/AccountConfirmSubmission.php                | 4 ++--
 includes/business/AccountRequestSubmission.php                | 4 ++--
 .../frontend/specialpages/actions/ConfirmAccount_body.php     | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/includes/business/AccountConfirmSubmission.php b/includes/business/AccountConfirmSubmission.php
index d9ceffb..d71ab72 100644
--- a/includes/business/AccountConfirmSubmission.php
+++ b/includes/business/AccountConfirmSubmission.php
@@ -124,7 +124,7 @@ class AccountConfirmSubmission {
 					'accountconf_mailerror',
 					$context->msg( 'mailerror' )->rawParams(
 						$context->getOutput()->parseAsInterface( $result->getWikiText() )
-					)->text(),
+					)->escaped(),
 					null
 				];
 			}
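Review bot: The string in the second slot of the returned array is now HTML rather than plain text, but nothing in the hunk records that contract, so a caller that renders it as text would show literal entities and one that re-escapes it would mangle the parsed mailerror output. Suggest annotating the element, e.g. `// HTML: message text is escaped; the rawParams() value is already-sanitized parser output`, and updating the method's `@return` docblock (outside the hunk) to state that the message element is HTML. The same applies to the hunk at `@@ -183` below and to both hunks in AccountRequestSubmission.php. The enclosing method starts and ends outside the hunk.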
@@ -183,7 +183,7 @@ class AccountConfirmSubmission {
 				'accountconf_mailerror',
 				$context->msg( 'mailerror' )->rawParams(
 					$context->getOutput()->parseAsInterface( $result->getWikiText() )
-				)->text(),
+				)->escaped(),
 				null
 			];
 		}
diff --git a/includes/business/AccountRequestSubmission.php b/includes/business/AccountRequestSubmission.php
index c6bc137..24f1b76 100644
--- a/includes/business/AccountRequestSubmission.php
+++ b/includes/business/AccountRequestSubmission.php
@@ -118,7 +118,7 @@ class AccountRequestSubmission {
 			if ( $value > $wgAccountRequestThrottle ) {
 				return [
 					'accountreq_throttled',
-					$context->msg( 'acct_request_throttle_hit', $wgAccountRequestThrottle )->text()
+					$context->msg( 'acct_request_throttle_hit', $wgAccountRequestThrottle )->escaped()
 				];
 			}
 		}
@@ -143,7 +143,7 @@ class AccountRequestSubmission {
 
 			return [
 				'acct_request_short_bio',
-				$context->msg( 'requestaccount-tooshort' )->numParams( $minWords )->text()
+				$context->msg( 'requestaccount-tooshort' )->numParams( $minWords )->escaped()
 			];
 		}
 		# Per security reasons, file dir cannot be pulled from client,
diff --git a/includes/frontend/specialpages/actions/ConfirmAccount_body.php b/includes/frontend/specialpages/actions/ConfirmAccount_body.php
index 7c2fa43..f06ef04 100644
--- a/includes/frontend/specialpages/actions/ConfirmAccount_body.php
+++ b/includes/frontend/specialpages/actions/ConfirmAccount_body.php
@@ -256,7 +256,7 @@ class ConfirmAccountsPage extends SpecialPage {
 
 			// Give grep a chance to find the usages: confirmaccount-type-0, confirmaccount-type-1
 			$out->addHTML( "<li><i>" . $this->msg( "confirmaccount-type-$i" )->escaped() . "</i>" );
-			$out->addHTML( $this->msg( 'word-separator' )->plain() );
+			$out->addHTML( $this->msg( 'word-separator' )->escaped() );
 			$params = $this->getLanguage()->pipeList( [ $open, $held, $rejects, $stale ] );
 			$out->addHTML( $this->msg( 'parentheses' )->rawParams( $params )->escaped() );
 			$out->addHTML( '</li>' );
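Review bot: The `rawParams( $params )` call on the line after the changed one still inserts `$params` without escaping, so that addHTML() output is only as safe as `$open`, `$held`, `$rejects` and `$stale`, which are built above the hunk; presumably they are already HTML (links or escaped counts), but that should be confirmed where they are constructed. A short comment on that line, `// $params must already be HTML-safe: rawParams() bypasses escaping`, would make the assumption visible to the next reader. The enclosing loop and method start outside the hunk.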
-- 
2.48.1

