From ae934157b216836c3aa39504729840f2f3589873 Mon Sep 17 00:00:00 2001
From: "C. Scott Ananian"
Date: Wed, 21 Sep 2016 14:25:26 -0400
Subject: [PATCH] Protect -{...}- variant constructs in galleries
This also protects naked external links, which are internally surrounded by `-{R|...}-` by LanguageConverter::markNoConversion. Originally found in failed tests in I7fa2d85d6.
Bug: T54190
Change-Id: I9b099273203482ffb570a5654d8ba50c833e526d
---
 includes/parser/Parser.php | 10 ++-
 tests/parser/parserTests.txt | 124 +++++++++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+), 1 deletion(-)
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 8f9830c188..5b2daddd23 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -5018,7 +5018,10 @@ class Parser {
 // FIXME: Doing recursiveTagParse at this stage, and the trim before
 // splitting on '|' is a bit odd, and different from makeImage.
 $matches[3] = $this->recursiveTagParse( trim( $matches[3] ) );
- $parameterMatches = StringUtils::explode( '|', $matches[3] );
+ // Protect LanguageConverter markup
+ $parameterMatches = StringUtils::delimiterExplode(
+ '-{', '}-', '|', $matches[3], true /* nested */
+ );
 foreach ( $parameterMatches as $parameterMatch ) {
 list( $magicName, $match ) = $mwArray->matchVariableStartToEnd( $parameterMatch );
@@ -5035,6 +5038,11 @@ class Parser {
 $addr = self::EXT_LINK_ADDR;
 $prots = $this->mUrlProtocols;
 // check to see if link matches an absolute url, if not then it must be a wiki link.
+ if ( preg_match( '/^-{R|(.*)}-$/', $linkValue ) ) {
+ // Result of LanguageConverter::markNoConversion
+ // invoked on an external link.
+ $linkValue = substr( $linkValue, 4, -2 );
+ }
 if ( preg_match( "/^($prots)$addr$chars*$/u", $linkValue ) ) {
 $link = $linkValue;
 } else {
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index edcc2c46ea..b34a03f2a3 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
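Review bot: The added comment `// Protect LanguageConverter markup` in the first Parser.php hunk does not say what happens to a gallery line with an unclosed `-{`, and none of the tests added in this commit cover that input. With the nested `delimiterExplode` call, every `|` after an opening `-{` is presumably kept inside one parameter until a matching `}-` is found, so a stray `-{` in a caption could absorb later `alt=` or `link=` options; this is inferred from the call, since the helper's body is not on the page. Once that behaviour is confirmed I would expand the comment to `// Do not split on '|' inside -{...}- (LanguageConverter markup such as -{R|...}-); an unbalanced -{ keeps the rest of the line as one parameter` and add a parser test for the unbalanced case. The enclosing gallery method starts and ends outside the hunk.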
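Review bot: The pattern in `preg_match( '/^-{R|(.*)}-$/', $linkValue )` in the second Parser.php hunk leaves `|` unescaped, so PCRE reads it as two alternatives, `^-{R` or `(.*)}-$`, and it matches any link value that merely starts with `-{R` or merely ends with `}-`. The following `substr( $linkValue, 4, -2 )` then removes four leading and two trailing characters from a value that was never wrapped by markNoConversion, altering the link target before the URL/title check below it runs. Escaping the metacharacters and using the capture avoids the fixed offsets: `if ( preg_match( '/^-\{R\|(.*)\}-$/', $linkValue, $m ) ) {` followed by `$linkValue = $m[1];`. A parser test with a `link=` value that ends in `}-` but lacks the `-{R|` prefix would pin the corrected behaviour. The enclosing block continues outside the hunk.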
@@ -20643,6 +20643,35 @@ language=zh variant=zh-cn
!! end +!! test +Don't break gallery if language converter markup is inside. +!! options +language=zh +!! wikitext + +File:foobar.jpg|[[File:foobar.jpg|20px|desc|alt=-{R|foo}-|-{R|bar}-]]|alt=-{R|bat}- +File:foobar.jpg|{{Test|unamedParam|alt=-{R|param}-}}|alt=galleryalt + +!! html + + +!! end + # FIXME: This test is currently broken in the PHP parser (bug 52661) !! test Don't break list handling if language converter markup is in the item. @@ -22240,7 +22269,102 @@ Ignore pipe between table row attributes !! end +!!test +Gallery override link with WikiLink (bug 34852) +!! wikitext + +File:foobar.jpg|caption|alt=galleryalt|link=InterWikiLink + +!! html + + +!! end + +!!test +Gallery override link with absolute external link (bug 34852) +!! wikitext + +File:foobar.jpg|caption|alt=galleryalt|link=http://www.example.org + +!! html + + +!! end + !! test +Gallery override link with absolute external link with LanguageConverter +!! options +language=zh +!! input + +File:foobar.jpg|caption|alt=galleryalt|link=http://www.example.org + +!! result + + +!! end + +!!test +Gallery override link with malicious javascript (bug 34852) +!! wikitext + +File:foobar.jpg|caption|alt=galleryalt|link=" onclick="alert('malicious javascript code!'); + +!! html + + +!! end + +!!test +Gallery with invalid title as link (bug 43964) +!! wikitext + +File:foobar.jpg|link=< + +!! html + + +!! end + +!!test Language parser function !! wikitext {{#language:ar}} -- 2.20.1
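Review bot: The added test "Gallery override link with absolute external link with LanguageConverter" in the second parserTests.txt hunk uses `!! input` and `!! result` section headers, while every other test added in this commit uses `!! wikitext` and `!! html`. These are presumably accepted as the older spelling, but mixing the two in adjacent tests makes the file harder to grep and maintain; I would rename them to `!! wikitext` and `!! html`. This is also the only added test that exercises the `-{R|...}-` unwrapping of `link=` values in Parser.php, and it covers only the well-formed case, so a companion test with a `link=` value that contains `}-` without the `-{R|` prefix would be worth adding next to it.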