From: Philip Tzou
Date: Tue, 25 Jan 2011 18:33:21 +0000 (+0000)
Subject: LanguageConverter::captionConvert(): remove HTML tags and escape HTML special chars...
X-Git-Tag: 1.31.0-rc.0~32368
X-Git-Url: http://git.cyclocoop.org/%24href?a=commitdiff_plain;h=f16d1e4ed70cd5a8fa6ae6ca8bb71bfe62f4f47e;p=lhc%2Fweb%2Fwiklou.git
LanguageConverter::captionConvert(): remove HTML tags and escape HTML special chars to prevent disrupting the layout.
---
diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index 2cfcb4d7f3..5b46b57bca 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -308,14 +308,23 @@ class LanguageConverter {
 * @return String like ' alt="yyyy"' or ' title="yyyy"'
 */
 protected function captionConvert( $matches ) {
+ // TODO: cache the preferred variant in every autoConvert() process,
+ // this helps improve performance in a way.
 $toVariant = $this->getPreferredVariant();
 $title = $matches[1];
- $text = $matches[2];
+ $text = $matches[2];
+
 // we convert captions except URL
 if ( !strpos( $text, '://' ) ) {
 $text = $this->translate( $text, $toVariant );
 }
- return " $title=\"$text\"";
+
+ // remove HTML tags to prevent disrupting the layout
+ $text = preg_replace( '/<[^>]+>/', '', $text );
+ // escape HTML special chars to prevent disrupting the layout
+ $text = htmlspecialchars( $text );
+
+ return " {$title}=\"{$text}\"";
 }
 
 /**
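Review bot: The `htmlspecialchars( $text )` call added near the end of captionConvert() is the only thing keeping a `"` or `<` in the converted caption inside the hand-built `title="…"`/`alt="…"` attribute on the return line, yet it relies on PHP's default flags and charset and will re-escape entities that are already present. If `$matches[2]` is captured from already-rendered HTML (the regex and the caller are outside this hunk), an existing `&amp;` or `&quot;` would come out as `&amp;amp;` or `&amp;quot;`; consider `$text = htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false );`, or decode entities before the translate() call and escape once afterwards. The preceding `preg_replace( '/<[^>]+>/', '', $text )` only removes complete tags and leaves an unclosed `<` in place, so its comment should say that it is cosmetic and that the escape is the actual guard, e.g. `// cosmetic: strips complete tags only; the htmlspecialchars() below is what keeps the value inside the attribute`. The function's docblock begins above the hunk.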