From 12153478efd357f3f43014df6c8620049f828651 Mon Sep 17 00:00:00 2001 From: Ryan Schmidt Date: Mon, 8 Jun 2009 16:53:39 +0000 Subject: [PATCH] * DISPLAYTITLE fixes: ** DISPLAYTITLE now parses the single-quote items of wiki markup (bold and italic). ** Remove UNIQ markers from the output due to people putting tags in there (nowiki, ref, etc.). ** Forbid hr and br elements from being in DISPLAYTITLE as well. --- RELEASE-NOTES | 1 + includes/parser/CoreParserFunctions.php | 54 ++++++++++++++----------- 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ac9d9ff99e..6048e8803d 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -79,6 +79,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 14866) Messages 'recentchangeslinked-toolbox' and 'recentchangeslinked-toolbox' were added to allow more fine grained customisation of the user interface +* DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote items) === Bug fixes in 1.16 === diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php index be6d55a843..129fca1262 100644 --- a/includes/parser/CoreParserFunctions.php +++ b/includes/parser/CoreParserFunctions.php @@ -88,19 +88,19 @@ class CoreParserFunctions { return array( 'found' => false ); } } - + static function formatDate( $parser, $date, $defaultPref = null ) { $df = DateFormatter::getInstance(); - + $date = trim($date); - + $pref = $parser->mOptions->getDateFormat(); - + // Specify a different default date format other than the the normal default - // iff the user has 'default' for their setting + // iff the user has 'default' for their setting if ($pref == 'default' && $defaultPref) $pref = $defaultPref; - + $date = $df->reformat( $pref, $date, array('match-whole') ); return $date; } @@ -198,10 +198,10 @@ class CoreParserFunctions { // default $gender = User::getDefaultOption( 'gender' ); - + // allow prefix. $title = Title::newFromText( $user ); - + if (is_object( $title ) && $title->getNamespace() == NS_USER) $user = $title->getText(); @@ -233,13 +233,21 @@ class CoreParserFunctions { */ static function displaytitle( $parser, $text = '' ) { global $wgRestrictDisplayTitle; - + + #parse a limited subset of wiki markup (just the single quote items) + $text = $parser->doQuotes( $text ); + + #remove stripped text (e.g. the UNIQ-QINU stuff) that was generated by tag extensions/whatever + $text = preg_replace( '/' . preg_quote( $parser->uniqPrefix(), '/' ) . '.*?' + . preg_quote( Parser::MARKER_SUFFIX, '/' ) . '/', '', $text ); + #list of disallowed tags for DISPLAYTITLE #these will be escaped even though they are allowed in normal wiki text - $bad = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'blockquote', 'ol', 'ul', 'li', - 'table', 'tr', 'th', 'td', 'dl', 'dd', 'caption', 'p', 'ruby', 'rb', 'rt', 'rp' ); - + $bad = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'blockquote', 'ol', 'ul', 'li', 'hr', + 'table', 'tr', 'th', 'td', 'dl', 'dd', 'caption', 'p', 'ruby', 'rb', 'rt', 'rp', 'br' ); + #only requested titles that normalize to the actual title are allowed through + #if $wgRestrictDisplayTitle is true (it is by default) #mimic the escaping process that occurs in OutputPage::setPageTitle $text = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $text, null, array(), array(), $bad ) ); $title = Title::newFromText( Sanitizer::stripAllTags( $text ) ); @@ -304,9 +312,9 @@ class CoreParserFunctions { } static function numberingroup( $parser, $name = '', $raw = null) { return self::formatRaw( SiteStats::numberingroup( strtolower( $name ) ), $raw ); - } + } + - /** * Given a title, return the namespace name that would be given by the * corresponding magic word @@ -400,7 +408,7 @@ class CoreParserFunctions { if ( is_null($t) ) return ''; return wfUrlEncode( str_replace( ' ', '_', $t->getBaseText() ) ); - } + } static function talkpagename( $parser, $title = null ) { $t = Title::newFromText( $title ); if ( is_null($t) || !$t->canTalk() ) @@ -425,7 +433,7 @@ class CoreParserFunctions { return ''; return $t->getSubjectPage()->getPrefixedUrl(); } - + /** * Return the number of pages in the given category, or 0 if it's nonexis- * tent. This is an expensive parser function and can't be called too many @@ -482,13 +490,13 @@ class CoreParserFunctions { $rev = Revision::newFromTitle($title); $id = $rev ? $rev->getPage() : 0; $length = $cache[$page] = $rev ? $rev->getSize() : 0; - + // Register dependency in templatelinks $parser->mOutput->addTemplate( $title, $id, $rev ? $rev->getId() : 0 ); - } + } return self::formatRaw( $length, $raw ); } - + /** * Returns the requested protection level for the current page */ @@ -509,12 +517,12 @@ class CoreParserFunctions { * Unicode-safe str_pad with the restriction that $length is forced to be <= 500 */ static function pad( $string, $length, $padding = '0', $direction = STR_PAD_RIGHT ) { - $lengthOfPadding = mb_strlen( $padding ); + $lengthOfPadding = mb_strlen( $padding ); if ( $lengthOfPadding == 0 ) return $string; - + # The remaining length to add counts down to 0 as padding is added $length = min( $length, 500 ) - mb_strlen( $string ); - # $finalPadding is just $padding repeated enough times so that + # $finalPadding is just $padding repeated enough times so that # mb_strlen( $string ) + mb_strlen( $finalPadding ) == $length $finalPadding = ''; while ( $length > 0 ) { @@ -523,7 +531,7 @@ class CoreParserFunctions { $finalPadding .= mb_substr( $padding, 0, $length ); $length -= $lengthOfPadding; } - + if ( $direction == STR_PAD_LEFT ) { return $finalPadding . $string; } else { -- 2.20.1