From ec7276ea08af439384440b5b3e35c315c16e929e Mon Sep 17 00:00:00 2001 From: Ryan Schmidt Date: Tue, 21 Apr 2009 21:54:47 +0000 Subject: [PATCH] * Follow up r49654: move the $extratags and $removetags processing outside of the static variable initialization so that DISPLAYTITLE doesn't stop
and friends from working inside the wikitext, and so that extensions that add extra tags for a specific purpose don't unwittingly make such tags available for use in the wikitext body. --- includes/Sanitizer.php | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 79f42db372..8249f969f1 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -345,20 +345,20 @@ class Sanitizer { static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array(), $removetags = array() ) { global $wgUseTidy; - static $htmlpairs, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags, - $htmllist, $listtags, $htmlsingleallowed, $htmlelements, $staticInitialised; + static $htmlpairsStatic, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags, + $htmllist, $listtags, $htmlsingleallowed, $htmlelementsStatic, $staticInitialised; wfProfileIn( __METHOD__ ); if ( !$staticInitialised ) { - $htmlpairs = array_merge( $extratags, array( # Tags that must be closed + $htmlpairsStatic = array( # Tags that must be closed 'b', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's', 'strike', 'strong', 'tt', 'var', 'div', 'center', 'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre', 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u' - ) ); + ); $htmlsingle = array( 'br', 'hr', 'li', 'dt', 'dd' ); 
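Review bot: The `static` declaration in this hunk carries no comment explaining why two of its names now end in `Static`, and that is the invariant a later editor most needs to know. These variables are filled on the first call and reused by every later call, so nothing derived from the per-call `$extratags` or `$removetags` arguments may be stored in them; otherwise one caller's extra tags become allowed for all subsequent input. I would add above the declaration `# Base whitelists, built on the first call and shared by every later call; apply $extratags/$removetags only to the per-call copies, never to these.` The body of removeHTMLtags continues outside this hunk.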
@@ -380,18 +380,21 @@ class Sanitizer { ); $htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) ); - # Only allow elements that aren't specified in $removetags - # Doing it here since this is the top-level check - $htmlelements = array_diff( array_unique( array_merge( $htmlsingle, $htmlpairs, $htmlnest ) ), $removetags ); + $htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) ); # Convert them all to hashtables for faster lookup - $vars = array( 'htmlpairs', 'htmlsingle', 'htmlsingleonly', 'htmlnest', 'tabletags', - 'htmllist', 'listtags', 'htmlsingleallowed', 'htmlelements' ); + $vars = array( 'htmlpairsStatic', 'htmlsingle', 'htmlsingleonly', 'htmlnest', 'tabletags', + 'htmllist', 'listtags', 'htmlsingleallowed', 'htmlelementsStatic' ); foreach ( $vars as $var ) { $$var = array_flip( $$var ); } $staticInitialised = true; } + # Populate $htmlpairs and $htmlelements with the $extratags and $removetags arrays + $extratags = array_flip( $extratags ); + $removetags = array_flip( $removetags ); + $htmlpairs = array_merge( $extratags, $htmlpairsStatic ); + $htmlelements = array_diff( array_unique( array_merge( $extratags, $htmlelementsStatic ) ), $removetags ); # Remove HTML comments $text = Sanitizer::removeHTMLcomments( $text ); -- 2.20.1
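Review bot: The new `$htmlelements` line runs `array_unique()` and `array_diff()` on arrays that have already been flipped into tag => index hashtables, and both functions compare values, not keys. Since `$extratags`, `$removetags` and `$htmlelementsStatic` all hold small integer indexes as values, a tag named in `$removetags` generally stays allowed, while unrelated tags whose index happens to collide are dropped from the whitelist instead. Compare by key and drop the `array_unique()` call: `$htmlelements = array_diff_key( array_merge( $extratags, $htmlelementsStatic ), $removetags );`. The code that consults `$htmlelements` lies outside this hunk, so confirm there that it does key lookups, as the "hashtables for faster lookup" comment suggests.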