* Added $wgNoFollowDomainExceptions to allow exempting particular domain names
from rel="nofollow" on external links
* (bug 12970) Brought back $wgUseImageResize.
-* Added $wgRedirectOnLogin to allow specifying a page to redirect users to upon
- logging in (for example, "Main Page")
+* Added $wgRedirectOnLogin to allow specifying a specifc page to redirect users
+ to upon logging in (ex: "Main Page")
* Add $wgExportFromNamespaces for enabling/disabling the "export all from
namespace" option (disabled by default)
* (bug 18222) $wgMinimalPasswordLength default is now 1
* $wgSessionHandler can be used to configure session.save_handler
-* Removed $wgRestrictDisplayTitle, in effect permanently setting it to true.
- Without this variable, the DISPLAYTITLE magic word will only accept titles
- that are equivalent to the actual page title.
=== New features in 1.15 ===
*/
$wgAllowDisplayTitle = true;
+/**
+ * for consistency, restrict DISPLAYTITLE to titles that normalize to the same canonical DB key
+ */
+$wgRestrictDisplayTitle = true;
+
/**
* Array of usernames which may not be registered or logged in from
* Maintenance scripts can still use these
* @param string $text
* @param callback $processCallback to do any variable or parameter replacements in HTML attribute values
* @param array $args for the processing callback
+ * @param array $extratags for any extra tags to include
+ * @param array $removetags for any tags (default or extra) to exclude
* @return string
*/
- static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array() ) {
+ static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array(), $removetags = array() ) {
global $wgUseTidy;
static $htmlpairs, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags,
'li',
);
- $htmlsingleallowed = array_merge( $htmlsingle, $tabletags );
- $htmlelements = array_merge( $htmlsingle, $htmlpairs, $htmlnest );
+ $htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) );
+ # Only allow elements that aren't specified in $removetags
+ # Doing it here since this is the top-level check
+ $htmlelements = array_diff( array_unique( array_merge( $htmlsingle, $htmlpairs, $htmlnest ) ), $removetags );
# Convert them all to hashtables for faster lookup
$vars = array( 'htmlpairs', 'htmlsingle', 'htmlsingleonly', 'htmlnest', 'tabletags',
* @param string $text Desired title text
* @return string
*/
- static function displaytitle( $parser, $displayTitle = '' ) {
+ static function displaytitle( $parser, $text = '' ) {
+ global $wgRestrictDisplayTitle;
+
+ #list of disallowed tags for DISPLAYTITLE
+ #these will be escaped even though they are allowed in normal wiki text
+ $bad = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'blockquote', 'ol', 'ul', 'li',
+ 'table', 'tr', 'th', 'td', 'dl', 'dd', 'caption', 'p', 'ruby', 'rb', 'rt', 'rp' );
+
#only requested titles that normalize to the actual title are allowed through
#mimic the escaping process that occurs in OutputPage::setPageTitle
- $title = Title::newFromText( Sanitizer::stripAllTags( Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $displayTitle ) ) ) );
+ $text = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $text, null, array(), array(), $bad ) );
+ $title = Title::newFromText( Sanitizer::stripAllTags( $text ) );
- if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) {
- $parser->mOutput->setDisplayTitle( $displayTitle );
+ if( !$wgRestrictDisplayTitle ) {
+ $parser->mOutput->setDisplayTitle( $text );
+ } else {
+ if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) {
+ $parser->mOutput->setDisplayTitle( $text );
+ }
}
return '';