From 63d80f72c1cba40dfbe733eb104d223a8576f713 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Tue, 14 Sep 2004 05:49:15 +0000
Subject: [PATCH] Prudency measure: only enable $wgRawHtml usage if $wgWhitelistEdit is on.

---
 includes/DefaultSettings.php | 6 +++---
 includes/Parser.php | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 6dc5caf801..e03022b7a2 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -613,9 +613,9 @@ $wgGoToEdit = false;
 $wgUserHtml = true;
 # Allow raw, unchecked HTML in ... sections.
-# THIS IS VERY DANGEROUS on a publically editable site.
-# Don't enable it unless you've restricted editing to trusted
-# users only.
+# THIS IS VERY DANGEROUS on a publically editable site, so
+# you can't enable it unless you've restricted editing to
+# trusted users only with $wgWhitelistEdit.
 $wgRawHtml = false;
 # $wgUseTidy: use tidy to make sure HTML output is sane.
diff --git a/includes/Parser.php b/includes/Parser.php
index 6b7bb4698b..0d1d4b7c04 100644
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -53,6 +53,7 @@ define( 'STRIP_COMMENTS', 'HTMLCommentStrip' );
 # prefix for escaping, used in two functions at least
 define( 'UNIQ_PREFIX', 'NaodW29');
+#define( 'UNIQ_PREFIX', "\x07NaodW29");
 # Constants needed for external link processing
 define( 'URL_PROTOCOLS', 'http|https|ftp|irc|gopher|news|mailto' );
@@ -240,8 +241,8 @@ class Parser
 #$text = str_replace( $uniq_prefix, wfHtmlEscapeFirst( $uniq_prefix ), $text );
 # html
-global $wgRawHtml;
-if( $wgRawHtml ) {
+global $wgRawHtml, $wgWhitelistEdit;
+if( $wgRawHtml && $wgWhitelistEdit ) {
 $text = Parser::extractTags('html', $text, $html_content, $uniq_prefix);
 foreach( $html_content as $marker => $content ) {
 if ($render ) {
-- 
2.20.1
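Review bot: The rewritten comment says you "can't enable" $wgRawHtml without $wgWhitelistEdit, which reads as though the configuration were rejected, whereas the Parser.php hunk in this same commit only makes the parser ignore $wgRawHtml when $wgWhitelistEdit is false — an admin who sets `$wgRawHtml = true` alone gets silently escaped html blocks and no warning. I would say that outright: `# $wgRawHtml is ignored (html blocks are escaped like any other text) unless $wgWhitelistEdit is also true.` It would also help to state what $wgWhitelistEdit actually restricts, since whether it amounts to "trusted users only" depends on whether account creation is open, and that is not visible in this hunk.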
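Review bot: The added `#define( 'UNIQ_PREFIX', "\x07NaodW29");` is commented-out code with no explanation, so the next reader has to guess why a control-character variant of the marker prefix exists. Presumably the intent is that a prefix containing \x07 cannot be typed into wikitext, which would matter because a guessable prefix lets page text forge the markers that the extractTags() path in the second hunk later re-expands into raw content — but that reasoning is inferred, not shown here. Either drop the line or replace it with a comment that records the intent and why it is not yet enabled, e.g. `# TODO: switch to a non-typeable prefix (e.g. "\x07NaodW29") so page text cannot forge strip markers.`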
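Review bot: The new guard `if( $wgRawHtml && $wgWhitelistEdit )` ties raw-HTML rendering to a flag whose name suggests it restricts who may edit, not that those editors are trusted; if $wgWhitelistEdit merely requires an account (its semantics are not visible in this hunk), any registered user can still inject arbitrary unsanitized HTML, so the guard narrows the exposure rather than removing it. A why-comment on the condition would stop a future maintainer from relaxing it casually, e.g. `# html blocks are passed through unsanitized; only honour them when editing is restricted, never on an open wiki.` Note that this is a render-time check only: html blocks saved while the feature was on stay in storage and simply render escaped once the gate closes, which is the safe direction. The enclosing method begins before this hunk.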