From 6942e8b2c01dc33c2c41a471f91ef3f6ca726073 Mon Sep 17 00:00:00 2001
From: Alex <alex@blueselene.com>
Date: Fri, 9 Feb 2024 22:11:50 +0100
Subject: [PATCH] Escape output

See security advisory
---
 includes/Helpers/ManageWikiTypes.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/Helpers/ManageWikiTypes.php b/includes/Helpers/ManageWikiTypes.php
index 554b70f21..2fe084e3a 100644
--- a/includes/Helpers/ManageWikiTypes.php
+++ b/includes/Helpers/ManageWikiTypes.php
@@ -330,7 +330,7 @@ private static function common( $config, $disabled, $groupList, $name, $options,
 			case 'usergroups':
 				$groups = [];
 				foreach ( (array)$groupList as $group ) {
-					$groups[UserGroupMembership::getGroupName( $group )] = $group;
+					$groups[htmlspecialchars( UserGroupMembership::getGroupName( $group ) )] = $group;
 				}
 
 				$configs = [