From 82ed5e1d9cf127a34689f46491908c59892e3a72 Mon Sep 17 00:00:00 2001
From: Tim Starling
Date: Sun, 1 May 2005 18:15:58 +0000
Subject: [PATCH] Changed input attribute syntax to be more user-friendly and less standards-compliant. This is wikitext not XHTML after all.
---
 includes/Sanitizer.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index e6c56e98b4..384fd2091d 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -216,7 +216,10 @@ class Sanitizer {
 return '';
 }
- $attrib = '[A-Za-z0-9]'; #FIXME
+ # Unquoted attribute
+ # Since we quote this later, this can be anything distinguishable
+ # from the end of the attribute
+ $attrib = '[A-Za-z0-9]';
 $space = '[\x09\x0a\x0d\x20]';
 if( !preg_match_all(
 "/(?:^|$space)($attrib+)
@@ -225,7 +228,7 @@ class Sanitizer {
 # The attribute value: quoted or alone
 \"([^<\"]*)\"
 | '([^<']*)'
- | ([a-zA-Z0-9._:-]+)
+ | ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
 | (\#[0-9a-fA-F]+) # Technically wrong, but lots of
 # colors are specified like this.
 # We'll be normalizing it.
--
2.20.1
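Review bot: The new comment in the first hunk labels `$attrib` as the "Unquoted attribute", but the context line `"/(?:^|$space)($attrib+)` uses `$attrib` for the first capture, which appears to be the attribute name, and its class `[A-Za-z0-9]` is not changed by this commit. The "we quote this later" rationale reads as a description of the unquoted value alternative edited in the second hunk, so someone auditing the sanitizer will attach it to the wrong pattern. I would put a short `# Attribute name` above `$attrib` and move the rationale next to the unquoted-value alternative, naming the function that performs the later quoting. The enclosing method starts and ends outside the hunk.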
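Review bot: The widened unquoted-value class in the second hunk now admits `<`, `>`, `&` and the backtick, while the two quoted alternatives directly above it still exclude `<` (`[^<\"]*` and `[^<']*`), so the unquoted form becomes the most permissive path through the sanitizer. Its safety then depends entirely on the value being entity-encoded and re-quoted when the attribute is written back out, and that code is not visible in this diff. Unless that is confirmed, I would drop `<` from the new class to match the quoted forms. A regression test should assert that an unquoted value containing `<`, `>`, `&` and a backtick is emitted encoded inside a quoted attribute. The pattern and the method that consumes the matches continue outside the hunk.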