From: Antoine Musso Date: Mon, 16 Apr 2007 13:50:38 +0000 (+0000) Subject: Fix 8590 : remove support for $wgUserHtml . Our specific HTML subset X-Git-Tag: 1.31.0-rc.0~53391 X-Git-Url: http://git.cyclocoop.org/%24image?a=commitdiff_plain;h=8c3173b2c79ee28264c4493e8a66ba7cb5053fd9;p=lhc%2Fweb%2Fwiklou.git Fix 8590 : remove support for $wgUserHtml . Our specific HTML subset is pretty much required to do anything cool in articles.
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d9dff2a296..7802316429 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -30,6 +30,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 $wgAutoConfirmCount (defaulting to zero, naturally).
 * Added rate limiter for Special:Emailuser
 * Private logs can now be created using $wgLogRestrictions
+* (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true).
 == New features since 1.9 ==
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index ca9d96d9da..cd49b0adec 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1655,12 +1655,6 @@ $wgFilterCallback = false;
 /** Go button goes straight to the edit screen if the article doesn't exist. */
 $wgGoToEdit = false;
-/** Allow limited user-specified HTML in wiki pages?
- * It will be run through a whitelist for security. Set this to false if you
- * want wiki pages to consist only of wiki markup. Note that replacements do not
- * yet exist for all HTML constructs.*/
-$wgUserHtml = true;
-
 /** Allow raw, unchecked HTML in ... sections.
 * THIS IS VERY DANGEROUS on a publically editable site, so USE wgGroupPermissions
 * TO RESTRICT EDITING to only those that you trust
@@ -1669,8 +1663,7 @@ $wgRawHtml = false;
 /**
 * $wgUseTidy: use tidy to make sure HTML output is sane.
- * This should only be enabled if $wgUserHtml is true.
- * tidy is a free tool that fixes broken HTML.
+ * Tidy is a free tool that fixes broken HTML.
 * See http://www.w3.org/People/Raggett/tidy/
 * $wgTidyBin should be set to the path of the binary and
 * $wgTidyConf to the path of the configuration file.
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 6e1f37b688..dc12ec7fec 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -326,7 +326,7 @@ class Sanitizer {
 * @return string
 */
 static function removeHTMLtags( $text, $processCallback = null, $args = array() ) {
- global $wgUseTidy, $wgUserHtml;
+ global $wgUseTidy;
 static $htmlpairs, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags, $htmllist, $listtags, $htmlsingleallowed, $htmlelements, $staticInitialised;
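Review bot: `removeHTMLtags()` no longer consults any switch, so from this hunk and the next one on the element whitelist is always active, and a `$wgUserHtml = false` left in a site's LocalSettings.php is silently ignored. For wikis that had turned limited HTML off, this widens what user-supplied markup the sanitizer lets through after an upgrade, and nothing in the code says so; I would add a comment above the arrays in the next hunk such as `# Whitelist is unconditional: $wgUserHtml was removed and a leftover setting has no effect`. While the lists are being re-indented there, `'u'` is listed twice in `$htmlpairs` and the `# Tags that can be nested--??` comment still reads as an open question; both are carried over from the old block and could be tidied in the same change. The function body starts before this hunk and continues past the next one.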
@@ -334,40 +334,33 @@ class Sanitizer {
 wfProfileIn( __METHOD__ );
 if ( !$staticInitialised ) {
- if( $wgUserHtml ) {
- $htmlpairs = array( # Tags that must be closed
- 'b', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
- 'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
- 'strike', 'strong', 'tt', 'var', 'div', 'center',
- 'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre',
- 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u'
- );
- $htmlsingle = array(
- 'br', 'hr', 'li', 'dt', 'dd'
- );
- $htmlsingleonly = array( # Elements that cannot have close tags
- 'br', 'hr'
- );
- $htmlnest = array( # Tags that can be nested--??
- 'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
- 'dl', 'font', 'big', 'small', 'sub', 'sup', 'span'
- );
- $tabletags = array( # Can only appear inside table, we will close them
- 'td', 'th', 'tr',
- );
- $htmllist = array( # Tags used by list
- 'ul','ol',
- );
- $listtags = array( # Tags that can appear in a list
- 'li',
- );
-
- } else {
- $htmlpairs = array();
- $htmlsingle = array();
- $htmlnest = array();
- $tabletags = array();
- }
+
+ $htmlpairs = array( # Tags that must be closed
+ 'b', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
+ 'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
+ 'strike', 'strong', 'tt', 'var', 'div', 'center',
+ 'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre',
+ 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u'
+ );
+ $htmlsingle = array(
+ 'br', 'hr', 'li', 'dt', 'dd'
+ );
+ $htmlsingleonly = array( # Elements that cannot have close tags
+ 'br', 'hr'
+ );
+ $htmlnest = array( # Tags that can be nested--??
+ 'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
+ 'dl', 'font', 'big', 'small', 'sub', 'sup', 'span'
+ );
+ $tabletags = array( # Can only appear inside table, we will close them
+ 'td', 'th', 'tr',
+ );
+ $htmllist = array( # Tags used by list
+ 'ul','ol',
+ );
+ $listtags = array( # Tags that can appear in a list
+ 'li',
+ );
 $htmlsingleallowed = array_merge( $htmlsingle, $tabletags );
 $htmlelements = array_merge( $htmlsingle, $htmlpairs, $htmlnest );
diff --git a/t/inc/Sanitizer.t b/t/inc/Sanitizer.t
index a9ac8cf118..e3b11b6f47 100644
--- a/t/inc/Sanitizer.t
+++ b/t/inc/Sanitizer.t
@@ -54,7 +54,6 @@ cmp_ok( Sanitizer::decodeCharReferences( '&foo;' ), '==', '&foo;', 'Invalid name
 cmp_ok( Sanitizer::decodeCharReferences( "�" ), '==', UTF8_REPLACEMENT, 'Invalid numbered entity' );
 $wgUseTidy = false;
-$wgUserHtml = true;
 cmp_ok( Sanitizer::removeHTMLtags( '
Hello world
' ), '==',