From e4d211703cb51b78790d4001c7e617af3072e6ed Mon Sep 17 00:00:00 2001 From: Remember the dot Date: Thu, 9 Apr 2009 05:15:43 +0000 Subject: [PATCH] (bug 12998) Allow , , etc. in DISPLAYTITLE --- RELEASE-NOTES | 1 + includes/GlobalFunctions.php | 4 ++-- includes/OutputPage.php | 22 +++++++++++++++++++--- includes/parser/CoreParserFunctions.php | 16 +++++++--------- skins/Modern.php | 2 +- skins/MonoBook.php | 2 +- 6 files changed, 31 insertions(+), 16 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 62a861ad6f..e2cd34fc87 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -332,6 +332,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 18009) $wgHooks and $wgExtensionFunctions now support closures * (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate * (bug 18377) Time in Enhanced ChangesList lacking localisation +* (bug 12998) Allow , , etc. in DISPLAYTITLE == API changes in 1.15 == * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index db30c459dc..4668652955 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -606,7 +606,7 @@ function wfMsgNoDBForContent( $key ) { * @param $forContent Boolean * @return String: the requested message. */ -function wfMsgReal( $key, $args, $useDB = true, $forContent=false, $transform = true ) { +function wfMsgReal( $key, $args, $useDB = true, $forContent = false, $transform = true ) { wfProfileIn( __METHOD__ ); $message = wfMsgGetKey( $key, $useDB, $forContent, $transform ); $message = wfMsgReplaceArgs( $message, $args ); @@ -618,7 +618,7 @@ function wfMsgReal( $key, $args, $useDB = true, $forContent=false, $transform = * This function provides the message source for messages to be edited which are *not* stored in the database. * @param $key String: */ -function wfMsgWeirdKey ( $key ) { +function wfMsgWeirdKey( $key ) { $source = wfMsgGetKey( $key, false, true, false ); if ( wfEmptyMsg( $key, $source ) ) return ""; diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 1e54354765..a57bf3f96b 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -320,18 +320,34 @@ class OutputPage { } } - public function setHTMLTitle( $name ) { $this->mHTMLtitle = $name; } + /** + * "HTML title" means the contents of . It is stored as plain, unescaped text and will be run through htmlspecialchars in the skin file. + */ + public function setHTMLTitle( $name ) { + $this->mHTMLtitle = $name; + } + + /** + * "Page title" means the contents of <h1>. It is stored as a valid HTML fragment. + * This function allows good tags like <sup> in the <h1> tag, but not bad tags like <script>. + * This function automatically sets <title> to the same content as <h1> but with all tags removed. + * Bad tags that were escaped in <h1> will still be escaped in <title>, and good tags like <i> will be dropped entirely. + */ public function setPageTitle( $name ) { global $wgContLang; $name = $wgContLang->convert( $name, true ); - $this->mPagetitle = $name; + # change "<script>foo&bar</script>" to "<script>foo&bar</script>" + # but leave "<i>foobar</i>" alone + $nameWithTags = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $name ) ); + $this->mPagetitle = $nameWithTags; $taction = $this->getPageTitleActionText(); if( !empty( $taction ) ) { $name .= ' - '.$taction; } - $this->setHTMLTitle( wfMsg( 'pagetitle', $name ) ); + # change "<i>foo&bar</i>" to "foo&bar" + $this->setHTMLTitle( wfMsg( 'pagetitle', Sanitizer::stripAllTags( $nameWithTags ) ) ); } public function setTitle( $t ) { diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php index f7368f3988..fb50b4697c 100644 --- a/includes/parser/CoreParserFunctions.php +++ b/includes/parser/CoreParserFunctions.php @@ -229,17 +229,15 @@ class CoreParserFunctions { * @param string $text Desired title text * @return string */ - static function displaytitle( $parser, $text = '' ) { - global $wgRestrictDisplayTitle; - $text = trim( Sanitizer::decodeCharReferences( $text ) ); + static function displaytitle( $parser, $displayTitle = '' ) { + #only requested titles that normalize to the actual title are allowed through + #mimic the escaping process that occurs in OutputPage::setPageTitle + $title = Title::newFromText( Sanitizer::stripAllTags( Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $displayTitle ) ) ) ); - if ( !$wgRestrictDisplayTitle ) { - $parser->mOutput->setDisplayTitle( $text ); - } else { - $title = Title::newFromText( $text ); - if( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) - $parser->mOutput->setDisplayTitle( $text ); + if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) { + $parser->mOutput->setDisplayTitle( $displayTitle ); } + return ''; } diff --git a/skins/Modern.php b/skins/Modern.php index 6b6651d138..4205aa579f 100644 --- a/skins/Modern.php +++ b/skins/Modern.php @@ -102,7 +102,7 @@ class ModernTemplate extends QuickTemplate { class="mediawiki <?php $this->text('dir') ?> <?php $this->text('pageclass') ?> <?php $this->text('skinnameclass') ?>"> <!-- heading --> - <div id="mw_header"><h1 id="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1></div> + <div id="mw_header"><h1 id="firstHeading"><?php $this->html('title') ?></h1></div> <div id="mw_main"> <div id="mw_contentwrapper"> diff --git a/skins/MonoBook.php b/skins/MonoBook.php index 2312de0fc8..16803541f3 100644 --- a/skins/MonoBook.php +++ b/skins/MonoBook.php @@ -115,7 +115,7 @@ class MonoBookTemplate extends QuickTemplate { <div id="content"> <a name="top" id="top"></a> <?php if($this->data['sitenotice']) { ?><div id="siteNotice"><?php $this->html('sitenotice') ?></div><?php } ?> - <h1 id="firstHeading" class="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1> + <h1 id="firstHeading" class="firstHeading"><?php $this->html('title') ?></h1> <div id="bodyContent"> <h3 id="siteSub"><?php $this->msg('tagline') ?></h3> <div id="contentSub"><?php $this->html('subtitle') ?></div> -- 2.20.1