X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2FSanitizer.php;h=6a568c2d0cd67e08452c893151ada38a77da1ba2;hb=b42d01059ee0d52d40b2faa00437dbc10991ea1b;hp=245714ded1d9a928f21f64069916e87e4da26c38;hpb=b7c06ae61dc99adc2d6e7fb1a95763a3fcb3ca02;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 245714ded1..6a568c2d0c 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -358,7 +358,7 @@ class Sanitizer {
* @param string $text
* @param callable $processCallback Callback to do any variable or parameter
* replacements in HTML attribute values
- * @param array $args Arguments for the processing callback
+ * @param array|bool $args Arguments for the processing callback
* @param array $extratags For any extra tags to include
* @param array $removetags For any tags (default or extra) to exclude
* @return string
@@ -459,7 +459,10 @@ class Sanitizer {
$badtag = true;
} elseif ( $slash ) {
# Closing a tag... is it the one we just opened?
- $ot = @array_pop( $tagstack );
+ wfSuppressWarnings();
+ $ot = array_pop( $tagstack );
+ wfRestoreWarnings();
+
if ( $ot != $t ) {
if ( isset( $htmlsingleallowed[$ot] ) ) {
# Pop all elements with an optional close tag
@@ -489,7 +492,10 @@ class Sanitizer {
}
}
} else {
- @array_push( $tagstack, $ot );
+ wfSuppressWarnings();
+ array_push( $tagstack, $ot );
+ wfRestoreWarnings();
+
#
can be nested in or , skip those cases:
if ( !isset( $htmllist[$ot] ) || !isset( $listtags[$t] ) ) {
$badtag = true;
@@ -567,9 +573,16 @@ class Sanitizer {
} else {
# this might be possible using tidy itself
foreach ( $bits as $x ) {
- preg_match( '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
- $x, $regs );
- @list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
+ preg_match(
+ '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
+ $x,
+ $regs
+ );
+
+ wfSuppressWarnings();
+ list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
+ wfRestoreWarnings();
+
$badtag = false;
if ( isset( $htmlelements[$t = strtolower( $t )] ) ) {
if ( is_callable( $processCallback ) ) {
@@ -1069,7 +1082,7 @@ class Sanitizer {
* HTML5 definition of id attribute
*
* @param string $id id to escape
- * @param $options Mixed: string or array of strings (default is array()):
+ * @param string|array $options String or array of strings (default is array()):
* 'noninitial': This is a non-initial fragment of an id, not a full id,
* so don't pay attention if the first character isn't valid at the
* beginning of an id. Only matters if $wgExperimentalHtmlIds is
@@ -1136,7 +1149,7 @@ class Sanitizer {
* This allows (generally harmless) entities like to survive.
*
* @param string $html HTML to escape
- * @return string: escaped input
+ * @return string Escaped input
*/
static function escapeHtmlAllowEntities( $html ) {
$html = Sanitizer::decodeCharReferences( $html );
@@ -1494,11 +1507,11 @@ class Sanitizer {
*/
static function setupAttributeWhitelist() {
global $wgAllowRdfaAttributes, $wgAllowMicrodataAttributes;
-
static $whitelist, $staticInitialised;
+
$globalContext = implode( '-', compact( 'wgAllowRdfaAttributes', 'wgAllowMicrodataAttributes' ) );
- if ( isset( $whitelist ) && $staticInitialised == $globalContext ) {
+ if ( $whitelist !== null && $staticInitialised == $globalContext ) {
return $whitelist;
}