From da1a75344037c53a3966e100b335719c850ca535 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Wed, 29 Jun 2005 21:50:11 +0000
Subject: [PATCH] * HTML sanitizer: correct multiple attributes by keeping last, not first

This corrects a regression reported with some fancy templated tables at http://en.wikipedia.org/wiki/Wikipedia:WikiProject_Chemicals/Organization
---
RELEASE-NOTES | 1 +
includes/Sanitizer.php | 6 +++---
maintenance/parserTests.txt | 26 +++++++++++++++++++++++++-
3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4e18b7ee86..fb594b3920 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -422,6 +422,7 @@ Various bugfixes, small features, and a few experimental things:
 * Copy IRC-over-UDP update option from REL1_4
 * (bug 2548) Keep summary on 'show changes' of section edit
 * Move center on toc to title part to avoid breaking .toc style usage
+* HTML sanitizer: correct multiple attributes by keeping last, not first
 === Caveats ===
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 2170a34031..dd59f44f6d 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -574,9 +574,9 @@ class Sanitizer {
 '/(' . URL_PROTOCOLS . '):/',
 '\\1:', $value );
- if( !isset( $attribs[$attribute] ) ) {
- $attribs[$attribute] = "$attribute=\"$value\"";
- }
+ // If this attribute was previously set, override it.
+ // Output should only have one attribute of each name.
+ $attribs[$attribute] = "$attribute=\"$value\"";
 }
 if( empty( $attribs ) ) {
 return '';
diff --git a/maintenance/parserTests.txt b/maintenance/parserTests.txt
index dbb2b718d5..d379301459 100644
--- a/maintenance/parserTests.txt
+++ b/maintenance/parserTests.txt
@@ -2214,7 +2214,31 @@ div with illegal double attributes
 !! input
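Review bot: The last-wins assignment `$attribs[$attribute] = "$attribute=\"$value\"";` in the Sanitizer.php hunk only guarantees one attribute per name if `$attribute` is already case-normalized before this point; the hunk does not show that normalization, and if `ID="x" id="y"` arrived as two distinct keys both would be emitted and the browser would resolve the duplicate itself (browsers keep the first duplicate attribute, the opposite of what this code now keeps). The two new comment lines would be more useful if they recorded that contract: `// Keep the last value seen for each attribute name; the emitted tag must` / `// carry exactly one attribute per name (a browser would otherwise keep the first duplicate).` Because the value being stored has already passed the checks above it, a later valid value replacing an earlier valid one is fine, and a later value that fails a check presumably leaves the earlier accepted one in place — worth confirming the rejection paths skip the assignment rather than clearing the entry. The new parserTests.txt cases only use identical lower-case names; one case with mixed-case duplicates (e.g. `<div ID="foo" id="bar">`) would pin the case-insensitive behaviour. The enclosing function starts and ends outside the hunk.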
HTML rocks
!! result
-
HTML rocks
+
HTML rocks
+
+!!end
+
+!! test
+HTML multiple attributes correction
+!! input
+

Awesome!

+!! result +

Awesome!

+
+!!end
+
+!! test
+Table multiple attributes correction
+!! input
+{|
+!+ class="error" class="awesome"| status
+|}
+!! result
+
+
+
+
+
status
!!end -- 2.20.1