// been changed somehow, and keep it if so.
$anonPO = ParserOptions::newFromAnon();
$anonPO->setEditSection( false );
+ $anonPO->setAllowUnsafeRawHtml( false );
if ( !$options->matches( $anonPO ) ) {
wfLogWarning( __METHOD__ . ': Setting a changed bogus ParserOptions: ' . wfGetAllCallers( 5 ) );
$options->isBogus = false;
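Review bot: `setAllowUnsafeRawHtml( false )` is now repeated beside `setEditSection( false )` at three separate ParserOptions construction sites (`$anonPO` here, `$po` and `$this->mParserOptions` in the next two hunks) with nothing tying them together, so a site added or edited later can silently keep the default. The `matches( $anonPO )` comparison in this hunk is only meaningful while `$anonPO` is configured exactly like `$po`, so I would apply both setters through one small private helper used at all three sites. None of the added lines says why raw HTML is switched off here; a short comment such as `// Text parsed through OutputPage must never allow raw HTML, regardless of site configuration` would help, with the wording confirmed by the author since the rationale is not visible on this page. The enclosing function starts and ends outside these hunks.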
// either.
$po = ParserOptions::newFromAnon();
$po->setEditSection( false );
+ $po->setAllowUnsafeRawHtml( false );
$po->isBogus = true;
if ( $options !== null ) {
$this->mParserOptions = empty( $options->isBogus ) ? $options : null;
$this->mParserOptions = ParserOptions::newFromContext( $this->getContext() );
$this->mParserOptions->setEditSection( false );
+ $this->mParserOptions->setAllowUnsafeRawHtml( false );
}
if ( $options !== null && !empty( $options->isBogus ) ) {
if ( $this->mArticleBodyOnly ) {
echo $this->mBodytext;
} else {
+ // Enable safe mode if requested
+ if ( $this->getRequest()->getBool( 'safemode' ) ) {
+ $this->disallowUserJs();
+ }
+
$sk = $this->getSkin();
// add skin specific modules
$modules = $sk->getDefaultModules();
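Review bot: The added comment `// Enable safe mode if requested` does not say what safe mode restricts or why it is acceptable to honour it from a plain request parameter. Because `safemode` is read with `getBool()` directly from the request, the comment should record that the flag can only remove capabilities, for example `// safemode only restricts (it disables user-supplied scripts for this view), so it is safe to accept from any request`. The call also sits only in the non-`mArticleBodyOnly` branch and runs just before the skin's modules are collected. If any module list is resolved earlier in this method, outside the hunk, the restriction may not reach it; that cannot be checked from the visible lines.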
} else {
$titleObj = Title::newFromText( $returnto );
}
- if ( !is_object( $titleObj ) ) {
+ // We don't want people to return to external interwiki. That
+ // might potentially be used as part of a phishing scheme
+ if ( !is_object( $titleObj ) || $titleObj->isExternal() ) {
$titleObj = Title::newMainPage();
}
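Review bot: The comment added above the `isExternal()` check is vague about where the title comes from and what is being prevented. Assuming `$returnto` can be supplied by the request (its origin is outside the hunk), I would word it as `// returnto may be request-supplied; an interwiki title would make this return link point off-site, so fall back to the main page`. The check protects only this return link, so other consumers of the same parameter would need the same `isExternal()` test, which cannot be confirmed from here. A unit test that passes an interwiki-prefixed `returnto` and asserts that the main page title is used would pin the behaviour.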