From 82571fa72d85160fc679a545dd6f5d52df9e47c6 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Sun, 22 Aug 2004 23:55:36 +0000
Subject: [PATCH] Add back the slower version of Title::makeTitle as
 Title::makeTitleSafe() and use it in a few places where user names, images,
 or messages are being used to create titles.

---
 includes/DifferenceEngine.php   |  8 ++++----
 includes/Image.php              |  4 ++--
 includes/OutputPage.php         |  2 +-
 includes/Skin.php               | 10 +++++-----
 includes/SpecialBooksources.php |  2 +-
 includes/Title.php              | 17 +++++++++++++++--
 index.php                       |  2 +-
 7 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/includes/DifferenceEngine.php b/includes/DifferenceEngine.php
index 744dbe778b..1bad821058 100644
--- a/includes/DifferenceEngine.php
+++ b/includes/DifferenceEngine.php
@@ -60,10 +60,10 @@ class DifferenceEngine {
 		$this->mOldComment = $sk->formatComment($this->mOldComment);
 		$this->mNewComment = $sk->formatComment($this->mNewComment);
 
-		$oldUserLink = $sk->makeLinkObj( Title::makeTitle( NS_USER, $this->mOldUser ), $this->mOldUser );
-		$newUserLink = $sk->makeLinkObj( Title::makeTitle( NS_USER, $this->mNewUser ), $this->mNewUser );
-		$oldUTLink = $sk->makeLinkObj( Title::makeTitle( NS_USER_TALK, $this->mOldUser ), $talk );
-		$newUTLink = $sk->makeLinkObj( Title::makeTitle( NS_USER_TALK, $this->mNewUser ), $talk );
+		$oldUserLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER, $this->mOldUser ), $this->mOldUser );
+		$newUserLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER, $this->mNewUser ), $this->mNewUser );
+		$oldUTLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER_TALK, $this->mOldUser ), $talk );
+		$newUTLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER_TALK, $this->mNewUser ), $talk );
 		$oldContribs = $sk->makeKnownLinkObj( Title::makeTitle( NS_SPECIAL, 'Contributions' ), $contribs,
 			'target=' . urlencode($this->mOldUser) );
 		$newContribs = $sk->makeKnownLinkObj( Title::makeTitle( NS_SPECIAL, 'Contributions' ), $contribs,
diff --git a/includes/Image.php b/includes/Image.php
index ae2ca8e041..3b9ff5d9e8 100644
--- a/includes/Image.php
+++ b/includes/Image.php
@@ -26,7 +26,7 @@ class Image
 		global $wgUploadDirectory;
 
 		$this->name      = $name;
-		$this->title     = Title::makeTitle( Namespace::getImage(), $this->name );
+		$this->title     = Title::makeTitleSafe( NS_IMAGE, $this->name );
 		//$this->imagePath = wfImagePath( $name );
 		$hash 		 = md5( $this->title->getDBkey() );
 		$this->imagePath = $wgUploadDirectory . '/' . $hash{0} . '/' .substr( $hash, 0, 2 ) . "/{$name}";
@@ -377,7 +377,7 @@ function wfRecordUpload( $name, $oldver, $size, $desc, $copyStatus = "", $source
 			'img_user_text' => $wgUser->getName(),
 		), $fname, 'IGNORE'
 	);
-	$descTitle = Title::makeTitle( NS_IMAGE, $name );
+	$descTitle = Title::makeTitleSafe( NS_IMAGE, $name );
 
 	if ( $dbw->affectedRows() ) {
 		# Successfully inserted, this is a new image
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index bfa3989525..6e3cc1be0c 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -829,7 +829,7 @@ class OutputPage {
 			foreach ( $namespaces as $key => $val ) {
 				# Make title object
 				$dbk = $dbkeys[$key];
-				$title = $titles[$key] = Title::makeTitle( $val, $dbk );
+				$title = $titles[$key] = Title::makeTitleSafe( $val, $dbk );
 
 				# Skip invalid entries.
 				# Result will be ugly, but prevents crash.
diff --git a/includes/Skin.php b/includes/Skin.php
index a042e7edf2..1ee25243fd 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -1696,7 +1696,7 @@ class Skin {
 	}
 	# this can be passed the NS number as defined in Language.php
 	/*static*/ function makeNSUrl( $name, $urlaction='', $namespace=0 ) {
-		$title = Title::makeTitle( $namespace, $name );
+		$title = Title::makeTitleSafe( $namespace, $name );
 		$this->checkTitle($title, $name);
 		return $title->getLocalURL( $urlaction );
 	}
@@ -1770,7 +1770,7 @@ class Skin {
 	}
 
 	function makeImageLink( $name, $url, $alt = '' ) {
-		$nt = Title::makeTitle( Namespace::getImage(), $name );
+		$nt = Title::makeTitleSafe( NS_IMAGE, $name );
 		return $this->makeImageLinkObj( $nt, $alt );
 	}
 
@@ -1903,7 +1903,7 @@ class Skin {
 	# $img is an Image object
 	function makeThumbLinkObj( $img, $label = '', $align = 'right', $boxwidth = 180, $boxheight=false, $framed=false , $manual_thumb = "" ) {
 		global $wgStylePath, $wgLang;
-		# $image = Title::makeTitle( Namespace::getImage(), $name );
+		# $image = Title::makeTitleSafe( NS_IMAGE, $name );
 		$url  = $img->getURL();
 
 		#$label = htmlspecialchars( $label );
@@ -1945,7 +1945,7 @@ class Skin {
 
 		if ( $manual_thumb != '' ) # Use manually specified thumbnail
 		{
-			$manual_title = Title::makeTitle( Namespace::getImage(), $manual_thumb ); #new Title ( $manual_thumb ) ;
+			$manual_title = Title::makeTitleSafe( NS_IMAGE, $manual_thumb ); #new Title ( $manual_thumb ) ;
 			$manual_img = Image::newFromTitle( $manual_title );
 			$thumbUrl = $manual_img->getURL();
 			if ( $manual_img->exists() )
@@ -1986,7 +1986,7 @@ class Skin {
 	}
 
 	function makeMediaLink( $name, $url, $alt = "" ) {
-		$nt = Title::makeTitle( Namespace::getMedia(), $name );
+		$nt = Title::makeTitleSafe( Namespace::getMedia(), $name );
 		return $this->makeMediaLinkObj( $nt, $alt );
 	}
 
diff --git a/includes/SpecialBooksources.php b/includes/SpecialBooksources.php
index 13994c404a..b19306718b 100644
--- a/includes/SpecialBooksources.php
+++ b/includes/SpecialBooksources.php
@@ -41,7 +41,7 @@ class BookSourceList {
 		
 		# First, see if we have a custom list setup in
 		# [[Wikipedia:Book sources]] or equivalent.
-		$bstitle = Title::makeTitle( NS_WIKIPEDIA, wfMsg( "booksources" ) );
+		$bstitle = Title::makeTitleSafe( NS_WIKIPEDIA, wfMsg( "booksources" ) );
 		$dbr =& wfGetDB( DB_SLAVE );
 		$bstext = $dbr->selectField( 'cur', 'cur_text', $bstitle->curCond(), $fname );
 		if( $bstext ) {	
diff --git a/includes/Title.php b/includes/Title.php
index 37873a48ac..f08d91e669 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -138,8 +138,8 @@ class Title {
 	}
 	
 	# From a namespace index and a DB key.
-	# It's assumed that $ns and $title are *valid*, for instance
-	# when they came directly from the database.
+	# It's assumed that $ns and $title are *valid*, for instance when
+	# they came directly from the database or a special page name.
 	/* static */ function &makeTitle( $ns, $title ) {
 		$t =& new Title();
 		$t->mInterwiki = '';
@@ -151,6 +151,19 @@ class Title {
 		$t->mTextform = str_replace( '_', ' ', $title );
 		return $t;
 	}
+	
+	# From a namespace index and a DB key.
+	# These will be checked for validity, which is a bit slower
+	# than makeTitle() but safer for user-provided data.
+	/* static */ function makeTitleSafe( $ns, $title ) {
+		$t = new Title();
+		$t->mDbkeyform = Title::makeName( $ns, $title );
+		if( $t->secureAndSplit() ) {
+			return $t;
+		} else {
+			return NULL;
+		}
+ 	}
 
 	/* static */ function newMainPage() {
 		return Title::newFromText( wfMsg( 'mainpage' ) );
diff --git a/index.php b/index.php
index ad36e52758..9f8fa52ca1 100644
--- a/index.php
+++ b/index.php
@@ -96,7 +96,7 @@ if( $search = $wgRequest->getText( 'search' ) ) {
 	SpecialPage::executePath( $wgTitle );
 } else {
 	if ( Namespace::getMedia() == $wgTitle->getNamespace() ) {
-		$wgTitle = Title::makeTitle( Namespace::getImage(), $wgTitle->getDBkey() );
+		$wgTitle = Title::makeTitle( NS_IMAGE, $wgTitle->getDBkey() );
 	}
 
 	switch( $wgTitle->getNamespace() ) {
-- 
2.20.1