From: Daniel Cannon Date: Tue, 18 Sep 2007 22:10:09 +0000 (+0000) Subject: (bug 11296) Introduced special case pretty-printer rendering of the help document... X-Git-Tag: 1.31.0-rc.0~51365 X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=697afaae0fa2fc9ddb1f9ab89e0e180b75c601ba;p=lhc%2Fweb%2Fwiklou.git (bug 11296) Introduced special case pretty-printer rendering of the help document, whereby ampersands will not be escaped, which seems to be the only cause ATM of broken links in the help. This is a *temporary* fix while we work on getting a fully-html version of the help complete, but one that should not reintroduce any security vulnerabilities (as the only text that is unescaped is hardcoded into the API). --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 5a9945a68c..addd0d4825 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -66,6 +66,8 @@ Full API documentation is available at http://www.mediawiki.org/wiki/API * (bug 11275) Enable descending sort in categorymembers * (bug 11308) Allow the API to output the image metadata +* (bug 11296) Temporary fix for escaping of ampersands inside links in pretty-printed + help document. === Languages updated in 1.12 === diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php index b69ebafe09..cead9fcdf3 100644 --- a/includes/api/ApiFormatBase.php +++ b/includes/api/ApiFormatBase.php @@ -35,7 +35,7 @@ if (!defined('MEDIAWIKI')) { */ abstract class ApiFormatBase extends ApiBase { - private $mIsHtml, $mFormat; + private $mIsHtml, $mFormat, $mUnescapeAmps; /** * Create a new instance of the formatter. 
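Review bot: `$mUnescapeAmps` is added to the combined property declaration without a default, so it stays null until `setUnescapeAmps()` is called, and no hunk in this commit initialises it. Null is falsy, so escaping stays on, but a flag that relaxes output escaping should carry its safe state explicitly: declare it on its own line as `private $mUnescapeAmps = false;`. A short comment on the property, such as `// true only while printing the hard-coded help text; disables ampersand escaping`, would tell the next reader why it exists.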
@@ -68,6 +68,18 @@ abstract class ApiFormatBase extends ApiBase { return false; } + /** + * Specify whether or not ampersands should be escaped to '&' when rendering. This + * should only be set to true for the help message when rendered in the default (xmlfm) + * format. This is a temporary special-case fix that should be removed once the help + * has been reworked to use a fully html interface. + * + * @param boolean Whether or not ampersands should be escaped. + */ + public function setUnescapeAmps ( $b ) { + $this->mUnescapeAmps = $b; + } + /** * Returns true when an HTML filtering printer should be used. * The default implementation assumes that formats ending with 'fm' @@ -161,6 +173,12 @@ See complete documentation, or // Escape everything first for full coverage $text = htmlspecialchars($text); + /* Temporary fix for bad links in help messages. As a special case, ampersands + * are not escaped in the help message. Should be removed once we have completed + * a fully-html version of the help message. */ + if ( $this->mUnescapeAmps ) + $text = ereg_replace ( '&', '&', $text ); + // encode all comments or tags as safe blue strings $text = preg_replace('/\<(!--.*?--|.*?)\>/', '<\1>', $text); // identify URLs diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 87e77666f2..3e8700f9b7 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -319,6 +319,14 @@ class ApiMain extends ApiBase { $printer = $this->mPrinter; $printer->profileIn(); $printer->initPrinter($isError); + + /* If the help message is requested in the default (xmlfm) format, + * tell the printer not to escape ampersands so that our links do + * not break. */ + $params = $this->extractRequestParams(); + $printer->setUnescapeAmps ( $this->mAction == 'help' + && $params['format'] = ApiMain::API_DEFAULT_FORMAT ); + $printer->execute(); $printer->closePrinter(); $printer->profileOut();
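Review bot: The docblock on `setUnescapeAmps()` describes the flag backwards: the summary and the `@param` line both say it controls whether ampersands "should be escaped", while passing true turns the escaping off. Suggest `@param $b boolean True to leave ampersands unescaped (hard-coded help text only), false to escape them as usual`. Because the setter is public on the base formatter, any caller can switch off part of the output escaping for any printer, so the docblock should also state that no request-derived text may pass through the printer while the flag is set. Storing `(bool)$b` would keep the property strictly boolean.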
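Review bot: Restoring every ampersand after `htmlspecialchars()` lets any character reference in the text reach the browser as written, so this branch is safe only while the text really is hard-coded, which nothing in this hunk enforces; `<`, `>` and double quotes stay escaped, so the exposure appears limited to entities. As rendered here the pattern and the replacement both read `'&'`, presumably because the page decoded the entity in the first argument. The substitution is a literal one, so `str_replace()` fits better than the POSIX-regex `ereg_replace()`, which later PHP versions deprecated and then removed. The `if` should also get braces so that a later edit cannot detach the replacement from its condition. The enclosing function starts and ends outside the hunk.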
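Review bot: `$params['format'] = ApiMain::API_DEFAULT_FORMAT` is an assignment, not a comparison, so the second operand is truthy whenever the constant is a non-empty string and ampersand escaping is switched off for every response with `mAction == 'help'`, whatever format was requested; it also overwrites the local `format` value. The line should read `&& $params['format'] == ApiMain::API_DEFAULT_FORMAT );`. Since this flag relaxes output escaping, it is worth confirming that an `$isError` response with the help action cannot carry request-derived text through the printer; that path is not visible in this hunk. The enclosing method starts and ends outside the hunk.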