<?php
/**
- * Internationalisation code
+ * Internationalisation code.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup Language
*/
public static function isValidCode( $code ) {
return
- strcspn( $code, ":/\\\000" ) === strlen( $code )
+ // People think language codes are html safe, so enforce it.
+ // Ideally we should only allow a-zA-Z0-9-
+ // but, .+ and other chars are often used for {{int:}} hacks
+ // see bugs 37564, 37587, 36938
+ strcspn( $code, ":/\\\000&<>'\"" ) === strlen( $code )
&& !preg_match( Title::getTitleInvalidRegex(), $code );
}
*
* @param $code string
*
+ * @throws MWException
* @since 1.18
* @return bool
*/
$mwNames = $wgExtraLanguageNames + $coreLanguageNames;
foreach ( $mwNames as $mwCode => $mwName ) {
# - Prefer own MediaWiki native name when not using the hook
- # TODO: prefer it always to make it consistent, but casing is different in CLDR
# - For other names just add if not added through the hook
- if ( ( $mwCode === $inLanguage && !$inLanguage ) || !isset( $names[$mwCode] ) ) {
+ if ( $mwCode === $inLanguage || !isset( $names[$mwCode] ) ) {
$names[$mwCode] = $mwName;
}
}
/**
* Get the RFC 3066 code for this language object
*
+ * NOTE: The return value of this function is NOT HTML-safe and must be escaped with
+ * htmlspecialchars() or similar
+ *
* @return string
*/
public function getCode() {
/**
* Get the code in Bcp47 format which we can use
* inside of html lang="" tags.
+ *
+ * NOTE: The return value of this function is NOT HTML-safe and must be escaped with
+ * htmlspecialchars() or similar.
+ *
* @since 1.19
* @return string
*/
/**
* Decode an expiry (block, protection, etc) which has come from the DB
*
- * @FIXME: why are we returnings DBMS-dependent strings???
+ * @todo FIXME: why are we returnings DBMS-dependent strings???
*
* @param $expiry String: Database expiry String
* @param $format Bool|Int true to process using language functions, or TS_ constant
* @param $title Title object to link
* @param $offset Integer offset parameter
* @param $limit Integer limit parameter
- * @param $query String optional URL query parameter string
+ * @param $query array|String optional URL query parameter string
* @param $atend Bool optional param for specified if this is the last page
* @return String
*/