* (bug 1877) JavaScript error in page editing in some localizations

Add wfEscapeJsString() function to do proper escaping of JavaScript string literals.

diff --git a/includes/EditPage.php b/includes/EditPage.php
index 7f042ca..4f3d633 100644 (file)
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1028,7 +1028,7 @@ END
                        $image=$wgStylePath.'/common/images/'.$tool['image'];
                        $open=$tool['open'];
                        $close=$tool['close'];
-                       $sample = addslashes( $tool['sample'] );
+                       $sample = wfEscapeJsString( $tool['sample'] );
 
                        // Note that we use the tip both for the ALT tag and the TITLE tag of the image.
                        // Older browsers show a "speedtip" type message only for ALT.
@@ -1041,7 +1041,8 @@ END
                        $toolbar.="addButton('$image','$tip','$open','$close','$sample');\n";
                }
 
-               $toolbar.="addInfobox('" . addslashes( wfMsg( "infobox" ) ) . "','" . addslashes(wfMsg("infobox_alert")) . "');\n";
+               $toolbar.="addInfobox('" . wfEscapeJsString( wfMsg( "infobox" ) ) .
+                       "','" . wfEscapeJsString( wfMsg( "infobox_alert" ) ) . "');\n";
                $toolbar.="document.writeln(\"</div>\");\n";
 
                $toolbar.="/*]]>*/\n</script>";

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 61a6abc..59be121 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -673,6 +673,30 @@ function wfQuotedPrintable( $string, $charset = '' ) {
        return $out;
 }
 
+/**
+ * Returns an escaped string suitable for inclusion in a string literal
+ * for JavaScript source code.
+ * Illegal control characters are assumed not to be present.
+ *
+ * @param string $string
+ * @return string
+ */
+function wfEscapeJsString( $string ) {
+       // See ECMA 262 section 7.8.4 for string literal format
+       $pairs = array(
+               "\\" => "\\\\",
+               "\"" => "\\\"",
+               "\'" => "\\\'",
+               "\n" => "\\n",
+               "\r" => "\\r",
+               
+               # To avoid closing the element or CDATA section
+               "<" => "\\x3c",
+               ">" => "\\x3e",
+       );
+       return strtr( $string, $pairs );
+}
+
 /**
  * @todo document
  * @return float

diff --git a/includes/Linker.php b/includes/Linker.php
index c65aa6d..c0bff50 100644 (file)
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -719,13 +719,13 @@ class Linker {
        /** @todo document */
        function tocList($toc) {
                return "<table id='toc' class='toc'><tr><td>" 
-                          . "<div id='toctitle'><h2>" . wfMsg('toc') . "</h2></div>\n"
+                          . "<div id='toctitle'><h2>" . wfMsgForContent('toc') . "</h2></div>\n"
                     . $toc
                                 . "</ul>\n</td></tr></table>\n"
                                 . '<script type="text/javascript">'
                                 . ' if (window.showTocToggle) {'
-                                . ' var tocShowText = "' . addslashes( wfMsg('showtoc') ) . '";'
-                                . ' var tocHideText = "' . addslashes( wfMsg('hidetoc') ) . '"; '
+                                . ' var tocShowText = "' . wfEscapeJsString( wfMsgForContent('showtoc') ) . '";'
+                                . ' var tocHideText = "' . wfEscapeJsString( wfMsgForContent('hidetoc') ) . '";'
                                 . ' showTocToggle();'
                                 . ' } '
                                 . "</script>\n";