From 853f539c61e1fc9cc29d4002c3c4863544e4b5d2 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Wed, 24 Jun 2015 16:50:23 -0700
Subject: [PATCH] SECURITY: Escape template label in FormEdit

Bug: T103765
---
 includes/SF_FormPrinter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/SF_FormPrinter.php b/includes/SF_FormPrinter.php
index 88035f8..5e3194b 100644
--- a/includes/SF_FormPrinter.php
+++ b/includes/SF_FormPrinter.php
@@ -693,7 +693,7 @@ END;
 					if ( $old_template_name != $template_name ) {
 						if ( isset( $template_label ) ) {
 							$multipleTemplateString .= "<fieldset>\n";
-							$multipleTemplateString .= "<legend>$template_label</legend>\n";
+							$multipleTemplateString .= Html::element( 'legend', null, $template_label );
 						}
 						// If $curPlaceholder is set, it means we want to insert a
 						// multiple template form's HTML into the main form's HTML.
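Review bot: The new `Html::element( 'legend', null, $template_label )` line passes `null` where the attributes array is expected and drops the trailing `"\n"` the old string had, so the generated markup changes slightly beyond the escaping itself. I would write `$multipleTemplateString .= Html::element( 'legend', array(), $template_label ) . "\n";` to keep the output layout and match the documented parameter type. The enclosing block starts and ends outside this hunk, so I cannot tell whether `$template_label` is emitted anywhere else in this function; any other output site needs the same escaping. A short comment above the line, such as `// Label is user-supplied text from the form definition; it must be HTML-escaped.`, would keep a later refactor from reverting to string interpolation, assuming that is indeed where the label comes from.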
-- 
1.8.4.5

