From: Siebrand Mazeland <s.mazeland@xs4all.nl>
Date: Mon, 20 Aug 2012 08:25:40 +0000 (+0200)
Subject: Numerous fixes for Ia1878588. Escaped output was most important.
X-Git-Tag: 1.31.0-rc.0~22673^2
X-Git-Url: http://git.cyclocoop.org/%24href?a=commitdiff_plain;h=6120709e7c3f74bf87d8d612817adfc28424c984;p=lhc%2Fweb%2Fwiklou.git

Numerous fixes for Ia1878588. Escaped output was most important.

* Output was not escaped.
* numParms() not used where possible.
* Hard coded text hadn't been replaced with message.
* Added two FIXMEs for hard coded text, and localised magic words where they shouldn't be.

Change-Id: I0eef0c5af10cff04bcfc86d37e696491c3727cab
---

diff --git a/includes/actions/InfoAction.php b/includes/actions/InfoAction.php
index 5f470d9ff1..d61f5b665d 100644
--- a/includes/actions/InfoAction.php
+++ b/includes/actions/InfoAction.php
@@ -86,7 +86,7 @@ class InfoAction extends FormlessAction {
 		$table = '';
 
 		// Basic information
-		$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-basic' ) );
+		$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-basic' )->text() );
 
 		// Display title
 		$displayTitle = $title->getPrefixedText();
@@ -95,7 +95,7 @@ class InfoAction extends FormlessAction {
 		}
 
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-display-title' ), $displayTitle );
+			$this->msg( 'pageinfo-display-title' )->escaped(), $displayTitle );
 
 		// Default sort key
 		$sortKey = $title->getCategorySortKey();
@@ -104,15 +104,15 @@ class InfoAction extends FormlessAction {
 		}
 
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-default-sort' ), $sortKey );
+			$this->msg( 'pageinfo-default-sort' )->escaped(), $sortKey );
 
 		// Page length (in bytes)
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-length' ), $lang->formatNum( $title->getLength() ) );
+			$this->msg( 'pageinfo-length' )->escaped(), $lang->formatNum( $title->getLength() ) );
 
-		// Page ID
+		// Page ID (number not localised, as it's a database ID.)
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-article-id' ), $lang->formatNum( $id ) );
+			$this->msg( 'pageinfo-article-id' )->escaped(), $id );
 
 		// Search engine status
 		$pOutput = new ParserOutput();
@@ -122,21 +122,22 @@ class InfoAction extends FormlessAction {
 
 		// Use robot policy logic
 		$policy = $article->getRobotPolicy( 'view', $pOutput );
+		// @todo FIXME: Hard coded English text.
 		$table = $this->addRow( $table,
-			'Search engine status', "Marked as '" . $policy['index'] . "'"
+			$this->msg( 'pageinfo-robot-policy' )->escaped(), "Marked as '" . $policy['index'] . "'"
 		);
 
 		if ( !$wgDisableCounters ) {
 			// Number of views
 			$table = $this->addRow( $table,
-				$this->msg( 'pageinfo-views' ), $lang->formatNum( $pageInfo['views'] )
+				$this->msg( 'pageinfo-views' )->escaped(), $lang->formatNum( $pageInfo['views'] )
 			);
 		}
 
 		if ( $userCanViewUnwatchedPages ) {
 			// Number of page watchers
 			$table = $this->addRow( $table,
-				$this->msg( 'pageinfo-watchers' ), $lang->formatNum( $pageInfo['watchers'] ) );
+				$this->msg( 'pageinfo-watchers' )->escaped(), $lang->formatNum( $pageInfo['watchers'] ) );
 		}
 
 		// Redirects to this page
@@ -144,29 +145,28 @@ class InfoAction extends FormlessAction {
 		$table = $this->addRow( $table,
 			Linker::link(
 				$whatLinksHere,
-				$this->msg( 'pageinfo-redirects-name' ),
+				$this->msg( 'pageinfo-redirects-name' )->escaped(),
 				array(),
 				array( 'hidelinks' => 1, 'hidetrans' => 1 )
 			),
-			$this->msg( 'pageinfo-redirects-value',
-				$lang->formatNum( count( $title->getRedirectsHere() ) )
-			)
+			$this->msg( 'pageinfo-redirects-value' )
+				->numParams( count( $title->getRedirectsHere() ) )->escaped()
 		);
 
 		// Subpages of this page
 		$prefixIndex = SpecialPage::getTitleFor( 'Prefixindex', $title->getPrefixedText() . '/' );
 		$table = $this->addRow( $table,
-			Linker::link( $prefixIndex, $this->msg( 'pageinfo-subpages-name' ) ),
-			$this->msg( 'pageinfo-subpages-value',
-				$lang->formatNum( $pageInfo['subpages']['total'] ),
-				$pageInfo['subpages']['redirects'],
-				$pageInfo['subpages']['nonredirects']
-			)
+			Linker::link( $prefixIndex, $this->msg( 'pageinfo-subpages-name' )->escaped() ),
+			$this->msg( 'pageinfo-subpages-value' )
+				->numParams(
+					$pageInfo['subpages']['total'],
+					$pageInfo['subpages']['redirects'],
+					$pageInfo['subpages']['nonredirects'] )->escaped()
 		);
 
 		// Page protection
 		$content = $this->addTable( $content, $table );
-		$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-restrictions' ) );
+		$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-restrictions' )->text() );
 		$table = '';
 
 		// Page protection
@@ -174,65 +174,67 @@ class InfoAction extends FormlessAction {
 			$protectionLevel = implode( ', ', $title->getRestrictions( $restrictionType ) );
 			if ( $protectionLevel == '' ) {
 				// Allow all users
-				$message = $this->msg( "protect-default" );
+				$message = $this->msg( 'protect-default' )->escaped();
 			} else {
 				// Administrators only
 				$message = $this->msg( "protect-level-$protectionLevel" );
-				if ( !$message->exists() ) {
+				if ( $message->isDisabled() ) {
 					// Require "$1" permission
-					$message = $this->msg( "protect-fallback", $protectionLevel );
+					$message = $this->msg( "protect-fallback", $protectionLevel )->escaped();
+				} else {
+					$message = $message->escaped();
 				}
 			}
 
 			$table = $this->addRow( $table,
-				$this->msg( 'pageinfo-restriction', $restrictionType ), $message
+				$this->msg( 'pageinfo-restriction', $restrictionType )->escaped(), $message
 			);
 		}
 
 		// Edit history
 		$content = $this->addTable( $content, $table );
-		$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-edits' ) );
+		$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-edits' )->text() );
 		$table = '';
 
 		// Page creator
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-firstuser' ), $pageInfo['firstuser']
+			$this->msg( 'pageinfo-firstuser' )->escaped(), $pageInfo['firstuser']
 		);
 
 		// Date of page creation
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-firsttime' ), $lang->timeanddate( $pageInfo['firsttime'] )
+			$this->msg( 'pageinfo-firsttime' )->escaped(), $lang->timeanddate( $pageInfo['firsttime'] )
 		);
 
 		// Latest editor
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-lastuser' ), $pageInfo['lastuser']
+			$this->msg( 'pageinfo-lastuser' )->escaped(), $pageInfo['lastuser']
 		);
 
 		// Date of latest edit
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-lasttime' ), $lang->timeanddate( $pageInfo['lasttime'] )
+			$this->msg( 'pageinfo-lasttime' )->escaped(), $lang->timeanddate( $pageInfo['lasttime'] )
 		);
 
 		// Total number of edits
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-edits' ), $lang->formatNum( $pageInfo['edits'] )
+			$this->msg( 'pageinfo-edits' )->escaped(), $lang->formatNum( $pageInfo['edits'] )
 		);
 
 		// Total number of distinct authors
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-authors' ), $lang->formatNum( $pageInfo['authors'] )
+			$this->msg( 'pageinfo-authors' )->escaped(), $lang->formatNum( $pageInfo['authors'] )
 		);
 
 		// Recent number of edits (within past 30 days)
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-recent-edits', $lang->formatDuration( $wgRCMaxAge ) ),
+			$this->msg( 'pageinfo-recent-edits', $lang->formatDuration( $wgRCMaxAge ) )->escaped(),
 			$lang->formatNum( $pageInfo['recent_edits'] )
 		);
 
 		// Recent number of distinct authors
 		$table = $this->addRow( $table,
-			$this->msg( 'pageinfo-recent-authors' ), $lang->formatNum( $pageInfo['recent_authors'] )
+			$this->msg( 'pageinfo-recent-authors' )->escaped(), $lang->formatNum( $pageInfo['recent_authors'] )
 		);
 
 		$content = $this->addTable( $content, $table );
@@ -243,6 +245,8 @@ class InfoAction extends FormlessAction {
 		// Array of magic word IDs
 		$wordIDs = $magicWords->names;
 
+		// @todo FIXME: Should report in content language, as localised
+		//              magic words cannot be used.
 		// Array of IDs => localized magic words
 		$localizedWords = $lang->getMagicWords();
 
@@ -261,13 +265,14 @@ class InfoAction extends FormlessAction {
 			|| count( $hiddenCategories ) > 0
 			|| count( $transcludedTemplates ) > 0 ) {
 			// Page properties
-			$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-properties' ) );
+			$content = $this->addHeader( $content, $this->msg( 'pageinfo-header-properties' )->text() );
 			$table = '';
 
 			// Magic words
 			if ( count( $listItems ) > 0 ) {
 				$table = $this->addRow( $table,
-					$this->msg( 'pageinfo-magic-words', count( $listItems ) ), $localizedList
+					$this->msg( 'pageinfo-magic-words' )->numParams( count( $listItems ) )->escaped(),
+					$localizedList
 				);
 			}
 
@@ -278,7 +283,8 @@ class InfoAction extends FormlessAction {
 			// Hidden categories
 			if ( count( $hiddenCategories ) > 0 ) {
 				$table = $this->addRow( $table,
-					$this->msg( 'pageinfo-hidden-categories', count( $hiddenCategories ) ),
+					$this->msg( 'pageinfo-hidden-categories' )
+						->numParams( count( $hiddenCategories ) )->escaped(),
 					Linker::formatHiddenCategories( $hiddenCategories )
 				);
 			}
@@ -290,7 +296,8 @@ class InfoAction extends FormlessAction {
 			// Transcluded templates
 			if ( count( $transcludedTemplates ) > 0 ) {
 				$table = $this->addRow( $table,
-					$this->msg( 'pageinfo-templates', count( $transcludedTemplates ) ),
+					$this->msg( 'pageinfo-templates' )
+						->numParams( count( $transcludedTemplates ) )->escaped(),
 					Linker::formatTemplates( $transcludedTemplates )
 				);
 			}