From: Tim Starling <tstarling@users.mediawiki.org>
Date: Sun, 1 May 2005 18:15:58 +0000 (+0000)
Subject: Changed input attribute syntax to be more user-friendly and less standards-compliant... 
X-Git-Tag: 1.5.0alpha1~38
X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=82ed5e1d9cf127a34689f46491908c59892e3a72;p=lhc%2Fweb%2Fwiklou.git

Changed input attribute syntax to be more user-friendly and less standards-compliant. This is wikitext not XHTML after all.
---

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index e6c56e98b4..384fd2091d 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -216,7 +216,10 @@ class Sanitizer {
 			return '';
 		}
 		
-		$attrib = '[A-Za-z0-9]'; #FIXME
+		# Unquoted attribute
+		# Since we quote this later, this can be anything distinguishable 
+		# from the end of the attribute
+		$attrib = '[A-Za-z0-9]'; 
 		$space = '[\x09\x0a\x0d\x20]';
 		if( !preg_match_all(
 			"/(?:^|$space)($attrib+)
@@ -225,7 +228,7 @@ class Sanitizer {
 			     # The attribute value: quoted or alone
 			      \"([^<\"]*)\"
 			     | '([^<']*)'
-			     |  ([a-zA-Z0-9._:-]+)
+			     |  ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
 			     |  (\#[0-9a-fA-F]+) # Technically wrong, but lots of
 			                         # colors are specified like this.
 			                         # We'll be normalizing it.