More fixes for PHPTAL 1.0 on PHP5. Apparently it's a bug in PHPTAl 0.7 that

substitutions with ${name} are not HTML-escaped... Replaced various inline
bits with tal:content or tal:replace using the 'structure' keyword to do
this in a compatible way, but some bits may be remaining.

Also changed some uses to tal:attributes, and took the htmlspecialchars()
off of the settings in SkinPHPTal to let them get escaped normally.
The main page logo link is currently bitten by this as i18n:attributes
and tal:attributes can't be used together on 0.7.0; this needs tweaking.

PHPTAL 1.0 currently doesn't escape the tal:attributes bits, but this seems
to be a simple bug and should be fixed soon, I hope.

diff --git a/includes/SkinPHPTal.php b/includes/SkinPHPTal.php
index 9aa80dd..a836f29 100644 (file)
--- a/includes/SkinPHPTal.php
+++ b/includes/SkinPHPTal.php
@@ -590,25 +590,25 @@ class SkinPHPTal extends Skin {
                $diff = $wgRequest->getVal( 'diff' );
                // XXX: remove htmlspecialchars when tal:attributes works with i18n:attributes
                $nav_urls = array();
-               $nav_urls['mainpage'] = array('href' => htmlspecialchars( $this->makeI18nUrl('mainpage')));
-               $nav_urls['randompage'] = array('href' => htmlspecialchars( $this->makeSpecialUrl('Randompage')));
-               $nav_urls['recentchanges'] = array('href' => htmlspecialchars( $this->makeSpecialUrl('Recentchanges')));
-               $nav_urls['currentevents'] = (wfMsg('currentevents') != '-') ? array('href' => htmlspecialchars( $this->makeI18nUrl('currentevents'))) : false;
-               $nav_urls['portal'] = (wfMsg('portal') != '-') ? array('href' => htmlspecialchars( $this->makeI18nUrl('portal-url'))) : false;
-               $nav_urls['bugreports'] = array('href' => htmlspecialchars( $this->makeI18nUrl('bugreportspage')));
-               // $nav_urls['sitesupport'] = array('href' => htmlspecialchars( $this->makeI18nUrl('sitesupportpage')));
-               $nav_urls['sitesupport'] = array('href' => htmlspecialchars( $wgSiteSupportPage));
-               $nav_urls['help'] = array('href' => htmlspecialchars( $this->makeI18nUrl('helppage')));
+               $nav_urls['mainpage'] = array('href' => $this->makeI18nUrl('mainpage'));
+               $nav_urls['randompage'] = array('href' => $this->makeSpecialUrl('Randompage'));
+               $nav_urls['recentchanges'] = array('href' => $this->makeSpecialUrl('Recentchanges'));
+               $nav_urls['currentevents'] = (wfMsg('currentevents') != '-') ? array('href' => $this->makeI18nUrl('currentevents')) : false;
+               $nav_urls['portal'] = (wfMsg('portal') != '-') ? array('href' => $this->makeI18nUrl('portal-url')) : false;
+               $nav_urls['bugreports'] = array('href' => $this->makeI18nUrl('bugreportspage'));
+               // $nav_urls['sitesupport'] = array('href' => $this->makeI18nUrl('sitesupportpage'));
+               $nav_urls['sitesupport'] = array('href' => $wgSiteSupportPage);
+               $nav_urls['help'] = array('href' => $this->makeI18nUrl('helppage'));
                if( $this->loggedin && !$wgDisableUploads ) {
-                       $nav_urls['upload'] = array('href' => htmlspecialchars( $this->makeSpecialUrl('Upload')));
+                       $nav_urls['upload'] = array('href' => $this->makeSpecialUrl('Upload'));
                } else {
                        $nav_urls['upload'] = false;
                }
-               $nav_urls['specialpages'] = array('href' => htmlspecialchars( $this->makeSpecialUrl('Specialpages')));
+               $nav_urls['specialpages'] = array('href' => $this->makeSpecialUrl('Specialpages'));
 
                if( $wgTitle->getNamespace() != NS_SPECIAL) {
-               $nav_urls['whatlinkshere'] = array('href' => htmlspecialchars( $this->makeSpecialUrl('Whatlinkshere', 'target='.urlencode( $this->thispage ))));
-               $nav_urls['recentchangeslinked'] = array('href' => htmlspecialchars( $this->makeSpecialUrl('Recentchangeslinked', 'target='.urlencode( $this->thispage ))));
+               $nav_urls['whatlinkshere'] = array('href' => $this->makeSpecialUrl('Whatlinkshere', 'target='.urlencode( $this->thispage)));
+               $nav_urls['recentchangeslinked'] = array('href' => $this->makeSpecialUrl('Recentchangeslinked', 'target='.urlencode( $this->thispage)));
                }
 
                if( $wgTitle->getNamespace() == NS_USER || $wgTitle->getNamespace() == NS_USER_TALK ) {
@@ -621,7 +621,7 @@ class SkinPHPTal extends Skin {
 
                if($id || $ip) { # both anons and non-anons have contri list
                        $nav_urls['contributions'] = array(
-                               'href' => htmlspecialchars( $this->makeSpecialUrl('Contributions', "target=" . $wgTitle->getPartialURL() ) )
+                               'href' => $this->makeSpecialUrl('Contributions', "target=" . $wgTitle->getPartialURL() )
                        );
                } else {
                        $nav_urls['contributions'] = false;
@@ -630,7 +630,7 @@ class SkinPHPTal extends Skin {
                if ( 0 != $wgUser->getID() ) { # show only to signed in users
                        if($id) {       # can only email non-anons
                                $nav_urls['emailuser'] = array(
-                                       'href' => htmlspecialchars( $this->makeSpecialUrl('Emailuser', "target=" . $wgTitle->getPartialURL() ) )
+                                       'href' => $this->makeSpecialUrl('Emailuser', "target=" . $wgTitle->getPartialURL() )
                                );
                        }
                }

diff --git a/skins/MonoBook.pt b/skins/MonoBook.pt
index aa5e344..1477424 100644 (file)
--- a/skins/MonoBook.pt
+++ b/skins/MonoBook.pt
@@ -2,7 +2,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="${lang}" lang="${lang}" dir="${dir}">
   <head>
     <meta http-equiv="Content-Type" content="${mimetype}; charset=${charset}" />
-    ${headlinks}
+    <div tal:replace="structure headlinks"></div>
     <title tal:content="pagetitle">Exciting xhtml slimfast</title>
     <style type="text/css" media="screen,projection">/*<![CDATA[*/ @import "${stylepath}/${stylename}/main.css"; /*]]>*/</style>
     <link rel="stylesheet" type="text/css" media="print" href="${stylepath}/common/commonPrint.css" />
@@ -12,14 +12,14 @@
     <script type="text/javascript" tal:attributes="src jsvarurl"></script>
     <script type="text/javascript" src="${stylepath}/common/wikibits.js"></script>
     <style tal:condition="usercss" type="text/css">/*<![CDATA[*/ ${usercss} /*]]>*/</style>
-    <script tal:condition="userjs" type="text/javascript" tal:attributes="src userjs">/**/</script><script 
+    <script tal:condition="userjs" type="text/javascript" tal:attributes="src userjs"></script><script 
       tal:condition="userjsprev" type="text/javascript">/*<![CDATA[*/${userjsprev}/*]]>*/</script>
   </head>
   <body tal:attributes="ondblclick body_ondblclick|default; class nsclass|default">
     <div id="globalWrapper">
       <div id="column-content">
        <div id="content">
-         <a name="top" id="contentTop"><!-- buffer for PHPTAL --></a>
+         <a name="top" id="contentTop"></a>
          <div id="siteNotice" tal:condition="sitenotice" tal:content="structure sitenotice"></div>
          <h1 class="firstHeading" tal:content="title">Leonardo da Vinci</h1>
          <div id="bodyContent">
@@ -28,10 +28,10 @@
            <div id="contentSub" tal:condition="undelete" tal:content="structure undelete"></div>
            <div tal:condition="newtalk" class="usermessage" tal:content="structure newtalk"></div>
            <!-- start content -->
-           ${bodytext}
+           <div tal:replace="structure bodytext"></div>
            <div tal:condition="catlinks" id="catlinks" tal:content="structure catlinks"></div>
            <!-- end content -->
-           <div class="visualClear"><!-- --></div>
+           <div class="visualClear"></div>
          </div>
        </div>
       </div>
@@ -72,7 +72,7 @@
        <div id="p-search" class="portlet">
          <h5 i18n:translate="string:search">Search</h5>
          <div class="pBody">
-           <form name="searchform" action="${searchaction}" id="searchform">
+           <form name="searchform" tal:attributes="action searchaction" id="searchform">
              <input id="searchInput" name="search" type="text"
              i18n:attributes="accesskey string:accesskey-search | default"/>
              <input type='submit' name="go" value="Go" class="searchButton" 
@@ -86,9 +86,9 @@
          <h5 i18n:translate="string:toolbox">Toolbox</h5>
          <div class="pBody">
            <ul>
-             <li id="t-whatlinkshere" tal:condition="notspecialpage"><a href="${nav_urls/whatlinkshere/href}"
+             <li id="t-whatlinkshere" tal:condition="notspecialpage"><a tal:attributes="href nav_urls/whatlinkshere/href"
                i18n:translate="string:whatlinkshere">What links here</a></li>
-             <li id="t-recentchangeslinked" tal:condition="notspecialpage"><a href="${nav_urls/recentchangeslinked/href}"
+             <li id="t-recentchangeslinked" tal:condition="notspecialpage"><a tal:attributes="href nav_urls/recentchangeslinked/href"
                i18n:translate="string:recentchangeslinked">Related Changes</a></li>
              <li tal:condition="feeds" id="feedlinks">
              <span i18n:translate="string:feedlinks">Feeds:</span>
@@ -97,13 +97,13 @@
                  tal:attributes="href feed/href;"
                  tal:content="feed/text">rss</a>&nbsp;</span>
              </li>
-             <li id="t-contributions" tal:condition="nav_urls/contributions"><a href="${nav_urls/contributions/href}"
+             <li id="t-contributions" tal:condition="nav_urls/contributions"><a tal:attributes="href nav_urls/contributions/href"
                i18n:translate="string:contributions">Contributions</a></li>
-             <li id="t-emailuser" tal:condition="nav_urls/emailuser"><a href="${nav_urls/emailuser/href}"
+             <li id="t-emailuser" tal:condition="nav_urls/emailuser"><a tal:attributes="href nav_urls/emailuser/href"
                i18n:translate="string:emailuser">Email this user</a></li>
-             <li id="t-upload" tal:condition="nav_urls/upload"><a href="${nav_urls/upload/href}"
+             <li id="t-upload" tal:condition="nav_urls/upload"><a tal:attributes="href nav_urls/upload/href"
                i18n:translate="string:upload">Upload a file</a></li>
-             <li id="t-specialpages"><a href="${nav_urls/specialpages/href}"
+             <li id="t-specialpages"><a tal:attributes="href nav_urls/specialpages/href"
                i18n:translate="string:specialpages">Special Pages</a></li>
            </ul>
          </div>
@@ -122,18 +122,18 @@
       </div><!-- end of the left (by default at least) column -->
       <div class="visualClear"></div>
       <div id="footer">
-       <div id="f-poweredbyico" tal:condition="poweredbyico">${poweredbyico}</div>
-       <div id="f-copyrightico" tal:condition="copyrightico">${copyrightico}</div>
+       <div id="f-poweredbyico" tal:condition="poweredbyico" tal:content="structure poweredbyico"></div>
+       <div id="f-copyrightico" tal:condition="copyrightico" tal:content="structure copyrightico"></div>
        <ul id="f-list">
-         <li id="f-lastmod" tal:condition="lastmod">${lastmod}</li>
-         <li id="f-viewcount" tal:condition="viewcount">${viewcount}</li>
-         <li id="f-credits" tal:condition="credits">${credits}</li>
-         <li id="f-copyright" tal:condition="copyright">${copyright}</li>
-         <li id="f-about" tal:condition="about">${about}</li>
-         <li id="f-disclaimer" tal:condition="disclaimer">${disclaimer}</li>
+         <li id="f-lastmod" tal:condition="lastmod" tal:content="structure lastmod"></li>
+         <li id="f-viewcount" tal:condition="viewcount" tal:content="structure viewcount"></li>
+         <li id="f-credits" tal:condition="credits" tal:content="structure credits"></li>
+         <li id="f-copyright" tal:condition="copyright" tal:content="structure copyright"></li>
+         <li id="f-about" tal:condition="about" tal:content="structure about"></li>
+         <li id="f-disclaimer" tal:condition="disclaimer" tal:content="structure disclaimer"></li>
        </ul>
       </div>
     </div>
-    ${reporttime}
+    <div tal:replace="structure reporttime"></div>
   </body>
 </html>