From 6b788a21d0ab09ffe50d790b84d588fd64bc5288 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?=
Date: Sat, 7 Jan 2006 08:50:07 +0000
Subject: [PATCH] * (bug 4461) Encode characters specified in the id attribute properly * Documentation: (X)HTML => XHTML * Formatting
---
 includes/Sanitizer.php | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 127ea3b8a4..2305672259 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -1,6 +1,6 @@ et al * http://www.mediawiki.org/
@@ -570,6 +570,9 @@ class Sanitizer {
 continue;
 }
 }
+
+ if ( $attribute === 'id' )
+ $value = Sanitizer::escapeId( $value );
 # Templates and links may be expanded in later parsing,
 # creating invalid or dangerous output. Suppress this.
@@ -592,11 +595,35 @@ class Sanitizer {
 // Output should only have one attribute of each name.
 $attribs[$attribute] = "$attribute=\"$value\"";
 }
- if( empty( $attribs ) ) {
- return '';
- } else {
- return ' ' . implode( ' ', $attribs );
- }
+
+ return count( $attribs ) ? ' ' . implode( ' ', $attribs ) : '';
+ }
+
+ /**
+ * Given a value escape it so that it can be used in an id attribute and
+ * return it, this does not validate the value however (see first link)
+ *
+ * @link http://www.w3.org/TR/html401/types.html#type-name Valid characters
+ * in the id and
+ * name attributes
+ * @link http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with the id attribute
+ *
+ * @bug 4461
+ *
+ * @static
+ *
+ * @param string $id
+ * @return string
+ */
+ function escapeId( $id ) {
+ static $replace = array(
+ '%3A' => ':',
+ '%' => '.'
+ );
+
+ $id = urlencode( Sanitizer::decodeCharReferences( strtr( $id, ' ', '_' ) ) );
+
+ return str_replace( array_keys( $replace ), array_values( $replace ), $id );
 }

 /**
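Review bot: The new `if ( $attribute === 'id' )` guard is a braceless single-statement `if`, while every block visible in this hunk is closed with braces (the `}` context lines directly above it); a second statement added later would silently fall outside the condition. For consistency write it as `if ( $attribute === 'id' ) { $value = Sanitizer::escapeId( $value ); }`. The enclosing method starts and ends outside the hunk, so whether `$value` has already been entity-decoded or otherwise normalised before this point cannot be confirmed from here.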
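Review bot: In `escapeId()` the `strtr( $id, ' ', '_' )` call runs before `Sanitizer::decodeCharReferences()`, so a space that only exists after decoding a character reference reaches `urlencode()` and comes out as `+`, which neither entry in `$replace` rewrites and which is not among the characters the linked HTML 4.01 type-name rule allows in an id. Swapping the two calls closes that gap: `$id = urlencode( strtr( Sanitizer::decodeCharReferences( $id ), ' ', '_' ) );`. The docblock already says the value is not validated; it would help callers to name the concrete consequence, e.g. `* Note: the result may begin with a digit, '_', '-', '.' or ':', which the spec does not allow as a leading character; callers that need a valid NAME must prefix it.`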
@@ -1013,7 +1040,7 @@ class Sanitizer {
 */
 function stripAllTags( $text ) {
 # Actual
- $text = preg_replace( '/<[^>]*>/', '', $text );
+ $text = preg_replace( '/ < .*? > /x', '', $text );
 # Normalize &entities and whitespace
 $text = Sanitizer::normalizeAttributeValue( $text );
-- 
2.20.1
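Review bot: The replacement pattern `'/ < .*? > /x'` is not equivalent to `'/<[^>]*>/'`: without the `s` modifier `.` does not match a newline, so a tag whose attributes wrap onto a following line is no longer stripped, whereas the negated class matched across newlines. If the rewrite is meant to be purely a formatting change, add the modifier, `'/ < .*? > /xs'`, or keep the negated class in the extended form, `'/ < [^>]* > /x'`. The body of `stripAllTags()` continues past the end of the hunk, so whether a later step compensates for the remaining markup cannot be seen here.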