From f8d1bc3ce3a1ea7d6b0dbfdfd5752f7ab2c1eb02 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Tue, 21 Jun 2005 21:35:48 +0000
Subject: [PATCH] Make an attempt to fix some more problems:
* incorrect escaping of URL components
* missing escaping of URLs in tags
* don't try to place HTML-formatted wikitext into a single-quoted attribute value
* an odd str_replace
* some other XHTML bits
---
 includes/SpecialValidate.php | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/includes/SpecialValidate.php b/includes/SpecialValidate.php
index dea35b0d7d..9437bbe4aa 100644
--- a/includes/SpecialValidate.php
+++ b/includes/SpecialValidate.php
@@ -52,7 +52,7 @@ class Validation {
 function getVersionLink( &$article, $revision, $text = "" ) {
 $t = $article->getTitle();
 if( $text == "" ) $text = wfMsg("val_view_version");
- $ret = "getLocalURL( htmlspecialchars("oldid={$revision}" )) . "\">" . $this->getParsedWiki($text) . "";
+ $ret = "escapeLocalURL( "oldid={$revision}" ) . "\">" . $this->getParsedWiki($text) . "";
 return $ret;
 }
@@ -281,7 +281,7 @@ class Validation {
 $user = $wgUser->GetName();
 }
 $nt = Title::newFromText( "Special:Validate" );
- $url = $nt->getLocalURL( "mode=userstats&user=" . htmlspecialchars ( $user ) );
+ $url = $nt->escapeLocalURL( "mode=userstats&user=" . urlencode( $user ) );
 return "{$text}";
 }
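Review bot: In `getVersionLink()` the `$revision` value is interpolated into the query string of `escapeLocalURL( "oldid={$revision}" )` without `urlencode()`, while the hunk at line 281 of the same file does urlencode `$user` before the same call. If `$revision` is always an integer revision id, making that explicit both documents the assumption and closes the gap: `$t->escapeLocalURL( "oldid=" . intval( $revision ) )`. Where `$revision` comes from is not visible in this hunk, so the integer assumption should be confirmed at the call sites.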
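Review bot: The new `urlencode( $user )` followed by `escapeLocalURL()` is the right layering for a query parameter that ends up inside an attribute, but the link text `{$text}` on the unchanged `return "{$text}";` line is still emitted without escaping. The start of this function, and therefore the origin of `$text`, lies outside the hunk; unless it is always a fixed message string, replacing the interpolation with `" . htmlspecialchars( $text ) . "` would keep the link body as safe as its href now is.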
@@ -315,29 +315,32 @@ class Validation { $u->setId( $x->rev_user ); $u->setName( $x->rev_user_text ); $nt = $u->getUserPage(); - $url = "" . $nt->getText() . ""; + # FIXME: Why doesn't this use standard linking code? + $url = "" . htmlspecialchars( $nt->getText() ) . ""; $metadata .= $url; } + # FIXME: Why doesn't this use standard comment formatting? $metadata .= " : \"" . $this->getParsedWiki( $x->rev_comment ) . "\""; return $metadata; } # Generates a link to the topic description function linkTopic ( $s ) { + # FIXME: Why doesn't this use standard linking code? $t = Title::newFromText ( wfMsg ( 'val_topic_desc_page' ) ) ; $r = "getLocalURL () ; + $r .= $t->escapeLocalURL () ; $r .= "#" . urlencode ( $s ) ; $r .= "\">{$s}" ; return $r ; - } + } # Generates HTML from a wiki text, e.g., a wfMsg function getParsedWiki ( $text ) { global $wgOut , $wgTitle, $wgParser ; $parserOutput = $wgParser->parse( $text , $wgTitle, $wgOut->mParserOptions,false); return $parserOutput->getText() ; - } + } # Generates a form for a single revision function getRevisionForm( &$article, $idx, &$data, $focus = false ) { @@ -381,9 +384,9 @@ class Validation { } $vote .= "value ) { - $vote .= " checked"; + $vote .= " checked='checked'"; } - $vote .= "/>"; + $vote .= " />"; if( $max == 2 && $a == 1 ) { $vote .= wfMsg( "val_no" ) . " "; } elseif( $max == 2 && $a == 2 ) { @@ -402,9 +405,9 @@ class Validation { } $checked = $focus ? " checked='checked'" : ""; $ret .= "\n"; - $ret .= "" . $this->getParsedWiki( wfMsg( 'val_merge_old' ) ) . " \n"; - $ret .= "" . $this->getParsedWiki( wfMsg( 'val_clear_old' ) ) . " \n"; - $ret .= "\n"; + $ret .= "" . $this->getParsedWiki( wfMsg( 'val_merge_old' ) ) . " \n"; + $ret .= "" . $this->getParsedWiki( wfMsg( 'val_clear_old' ) ) . " \n"; + $ret .= "\n"; if( $focus ) { $ret .= "
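Review bot: In `linkTopic()` the topic string `$s` is `urlencode()`d for the fragment next to the new `$r .= $t->escapeLocalURL () ;` line, but it is still interpolated raw as the link text on the unchanged `$r .= "\">{$s}" ;` line. The value of `$s` is supplied by callers outside this hunk; unless it is always a fixed message, replacing the `{$s}` interpolation there with `" . htmlspecialchars( $s ) . "` keeps the anchor text consistent with the `htmlspecialchars( $nt->getText() )` the commit adds earlier in the same hunk. The three added `# FIXME` comments would be more actionable if each named the shared linking or comment-formatting helper that should replace the hand-built markup.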
\n" . $this->getParsedWiki ( wfMsg( "val_form_note" ) ) . ""; @@ -440,7 +443,7 @@ class Validation { } $ret .= "

" . $this->getParsedWiki( wfMsg( 'val_revision_changes_ok' ) ) . "

"; } - else $ret .= wfMsg ( 'val_votepage_intro' ) ; + else $ret .= wfMsgHtml ( 'val_votepage_intro' ) ; # Make sure the requested revision exists $ts = $this->rev2date[$revision]->rev_timestamp; @@ -454,7 +457,7 @@ class Validation { # Output $title = $article->getTitle(); $title = $title->getPrefixedText(); - $wgOut->setPageTitle( str_replace ( '$1' , $title , wfMsg( 'val_rev_for' ) ) ); + $wgOut->setPageTitle( wfMsg( 'val_rev_for', $title ) ); foreach( $this->voteCache as $x => $y ) { $ret .= $this->getRevisionForm( $article, $x, $y, $x == $ts ); $ret .= "
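Review bot: Switching the `else` branch to `wfMsgHtml ( 'val_votepage_intro' )` escapes the whole message, so any wikitext or HTML that message uses for formatting is now shown literally, whereas the `if` branch just above still runs `val_revision_changes_ok` through `$this->getParsedWiki()`. If plain text is the intent that is fine but deserves a comment such as `# intro is HTML-escaped, not parsed: no markup in this message`; otherwise `$this->getParsedWiki( wfMsg( 'val_votepage_intro' ) )` keeps both branches on the same sanitized path. Immediately below, `$this->rev2date[$revision]->rev_timestamp` is dereferenced before the check announced by the "Make sure the requested revision exists" comment; guarding that access with `isset( $this->rev2date[$revision] )` would avoid a notice and a null dereference on an unknown revision. The enclosing function continues outside the hunk, so the actual existence check may follow there.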
\n"; -- 2.20.1