From 1ca9645133502c5317aed3998b27cd9aeae91eda Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <alexander.vorwerk@stud.uni-goettingen.de>
Date: Thu, 7 Oct 2021 23:23:48 +0200
Subject: [PATCH] SECURITY: Escape date values

Bug: T292795
Change-Id: If7cd112e627f47f9aca69b380dde1634bf55f789
---
 src/LogPager.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/LogPager.php b/src/LogPager.php
index 72495c9..d6d3941 100644
--- a/src/LogPager.php
+++ b/src/LogPager.php
@@ -47,9 +47,15 @@ class LogPager extends ReverseChronologicalPager {
 			'checkuser-log-entry-' . $row->cul_type,
 			$user,
 			$target,
-			$lang->userTimeAndDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser ),
-			$lang->userDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser ),
-			$lang->userTime( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+			htmlspecialchars(
+				$lang->userTimeAndDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+			),
+			htmlspecialchars(
+				$lang->userDate( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+			),
+			htmlspecialchars(
+				$lang->userTime( wfTimestamp( TS_MW, $row->cul_timestamp ), $contextUser )
+			)
 		)->text();
 		$rowContent .= Linker::commentBlock( $row->cul_reason );
 
-- 
2.17.1