From d68fbf0ac6417a4b4354c8f967a5c56172333a01 Mon Sep 17 00:00:00 2001
From: Radman Siddiki <radman.siddiki@gmail.com>
Date: Fri, 16 Aug 2024 19:31:50 +0600
Subject: [PATCH] SECURITY: Escape MediaWiki:Sidebar before rendering

Bug: T370081
---
 ApexTemplate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ApexTemplate.php b/ApexTemplate.php
index de8e0c2..95a7405 100644
--- a/ApexTemplate.php
+++ b/ApexTemplate.php
@@ -227,7 +227,7 @@ class ApexTemplate extends BaseTemplate {
 			$msg = $name;
 		}
 		?>
-<div class="portal" id='<?php echo Sanitizer::escapeIdForAttribute( "p-$name" ) ?>'<?php echo Linker::tooltip( 'p-' . $name ) ?>>
+<div class="portal" id='<?php echo htmlspecialchars(Sanitizer::escapeIdForAttribute( "p-$name" ), ENT_QUOTES) ?>'<?php echo Linker::tooltip( 'p-' . $name ) ?>>
 	<h5<?php $this->html( 'userlangattributes' ) ?>><?php
 		$msgObj = wfMessage( $msg );
 		echo htmlspecialchars( $msgObj->exists() ? $msgObj->text() : $msg );
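Review bot: The safety of the new `id` attribute on the `<div class="portal">` line rests on the `ENT_QUOTES` flag, because the attribute is delimited with single quotes and `Sanitizer::escapeIdForAttribute()` does not guarantee HTML-safe output. Nothing in the code says so, and the nested call looks redundant enough that a later cleanup could drop it. I would add a comment on its own line before the `?>` that precedes the div, e.g. `// escapeIdForAttribute() is not HTML-safe; $name appears to come from MediaWiki:Sidebar (T370081), so escape for the single-quoted attribute`. The call should also use the spacing of the rest of the hunk: `htmlspecialchars( Sanitizer::escapeIdForAttribute( "p-$name" ), ENT_QUOTES )`. The enclosing method starts and ends outside the hunk, so any other place where `$name` is echoed into markup is not visible here and should be checked for the same treatment.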
-- 
2.37.2.windows.2

