* @param string $name Key for the data
* @param mixed|null $default Optional default (or null)
* @return mixed The value of the data requested or the deafult
+ * @return-taint onlysafefor_htmlnoent
*/
public function get( $name, $default = null ) {
return $this->data[$name] ?? $default;
/**
* @private
* @param string $str
+ * @suppress SecurityCheck-DoubleEscaped $this->data can be either
*/
function text( $str ) {
echo htmlspecialchars( $this->data[$str] );
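Review bot: The justification on the new `@suppress SecurityCheck-DoubleEscaped` line stops mid-sentence ("$this->data can be either"), so a later reader cannot tell what the analyser is being overruled about. Spell it out, for example `@suppress SecurityCheck-DoubleEscaped $this->data may hold either raw text or already-escaped HTML`. It would also help to note in the docblock that a pre-escaped value passed through text() is rendered with visible entities, so this method is the right one for unescaped strings. The body of text() closes outside the lines shown here.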
/**
* @private
* @param string $str
+ * @suppress SecurityCheck-XSS phan-taint-check cannot tell if $str is pre-escaped
*/
function html( $str ) {
echo $this->data[$str];
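Review bot: The suppression reason names the wrong value. `$str` is only the array key, while the string that reaches `echo` is `$this->data[$str]`, so the comment should read along the lines of `@suppress SecurityCheck-XSS phan-taint-check cannot tell whether $this->data[$str] was escaped when it was set`. With the XSS report silenced inside this method, output safety rests entirely on whoever populates the template data. The docblock should therefore state the contract, e.g. `Outputs the value verbatim; only store already-escaped HTML under keys rendered with html(), and use text() for anything untrusted.` The function's closing brace lies outside the hunk.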
/**
* @private
* @param string $msgKey
+ * @warning You should never use this method. I18n messages should be escaped
+ * @deprecated 1.32 Use ->msg() instead.
+ * @suppress SecurityCheck-XSS
+ * @return-taint exec_html
*/
function msgHtml( $msgKey ) {
+ wfDeprecated( __METHOD__, '1.32' );
echo wfMessage( $msgKey )->text();
}
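Review bot: The added `@suppress SecurityCheck-XSS` on msgHtml() carries no reason, unlike the suppressions added to text() and html(), and the method still echoes `wfMessage( $msgKey )->text()` without escaping. Add the justification inline, for example `@suppress SecurityCheck-XSS Deprecated raw-output method; kept unescaped for backwards compatibility`. The method has no return statement in the visible lines, so `@return-taint exec_html` looks as if it describes the parameter rather than a return value; `@param-taint $msgKey exec_html` may be what was intended, which is worth confirming against the taint-check documentation. The tag format also differs from the next method (`@deprecated 1.32` here, `@deprecated since 1.33` there); using `since` in both keeps generated docs consistent.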
/**
* An ugly, ugly hack.
- * @private
+ * @deprecated since 1.33 Use ->msg() instead.
* @param string $msgKey
*/
function msgWiki( $msgKey ) {
+ // TODO: Add wfDeprecated( __METHOD__, '1.33' ) after 1.33 got released
global $wgOut;
- $text = wfMessage( $msgKey )->text();
- echo $wgOut->parse( $text );
+ $text = wfMessage( $msgKey )->plain();
+ echo $wgOut->parseAsInterface( $text );
}
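Review bot: The new `@deprecated since 1.33 Use ->msg() instead.` line points callers at a replacement that may not behave the same way. msgWiki() runs the message through `$wgOut->parseAsInterface()`, and if msg() escapes the message text rather than parsing it (msg() is not visible here, so this is inferred), wikitext markup would then appear literally. The docblock should say so, e.g. `Use ->msg() for plain messages; messages containing wikitext must be parsed by the caller`. The `// TODO` about adding `wfDeprecated()` has no task reference, so nothing ensures the hard deprecation happens after 1.33; a tracking-task id in that comment would fix this.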
/**