From b5ad1e694b3b233bb2dcd90b0aeafcb7dc18a5c6 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 7 Feb 2005 03:56:22 +0000
Subject: [PATCH] * Fix link in image alt text, using replaceLinkHolders with the global parser. This is a hack; such things should not be globally linked. * Use the common attribute normalization code in the alt text de-tagification.
---
 includes/Linker.php | 10 +++++++---
 includes/Sanitizer.php | 25 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/includes/Linker.php b/includes/Linker.php
index 25fad56d8e..ee36c912da 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -519,9 +519,13 @@ class Linker {
 if ( '' == $manual_thumb ) $url = $img->createThumb( $width );
 }
- $alt = preg_replace( '/<[^>]*>/', '', $alt );
- $alt = preg_replace('/&(?!:amp;|#[Xx][0-9A-fa-f]+;|#[0-9]+;|[a-zA-Z0-9]+;)/', '&', $alt);
- $alt = str_replace( array('<', '>', '"'), array('<', '>', '"'), $alt );
+ # FIXME: This is a gross hack using a global.
+ # Replace link color holders in the caption text so the
+ # text portion can be placed int the alt/title attributes.
+ global $wgParser;
+ $wgParser->replaceLinkHolders( $alt );
+
+ $alt = Sanitizer::stripAllTags( $alt );
 $u = $nt->escapeLocalURL();
 if ( $url == '' ) {
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 2729efcb7c..fec5d720be 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
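Review bot: In the includes/Linker.php hunk the two added calls are order-dependent and the new comment does not say so: `$wgParser->replaceLinkHolders( $alt )` apparently expands the holders back into link markup, and only the following `Sanitizer::stripAllTags( $alt )` makes the result fit for the alt/title attributes. I would record that next to the FIXME, e.g. `# Must stay ahead of stripAllTags(): the expanded holders are markup and have to be stripped and encoded again.`, and fix the typo "placed int the" to "placed into the". Presumably holders produced by a parser instance other than `$wgParser` would pass through unreplaced and surface as placeholder text in the attribute; the FIXME could name that as the reason the global is a hack. The enclosing method starts and ends outside the hunk.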
@@ -795,6 +795,31 @@ class Sanitizer {
 );
 return $whitelist;
 }
+
+ /**
+ * Take a fragment of (potentially invalid) HTML and return
+ * a version with any tags removed, encoded suitably for literal
+ * inclusion in an attribute value.
+ *
+ * @param string $text HTML fragment
+ * @return string
+ */
+ function stripAllTags( $text ) {
+ # Actual
+ $text = preg_replace( '/<[^>]*>/', '', $text );
+
+ # Normalize &entities and whitespace
+ $text = Sanitizer::normalizeAttributeValue( $text );
+
+ # Will be placed into "double-quoted" attributes,
+ # make sure remaining bits are safe.
+ $text = str_replace(
+ array('<', '>', '"'),
+ array('<', '>', '"'),
+ $text );
+
+ return $text;
+ }
 }
--
2.20.1
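Review bot: The docblock on `stripAllTags()` promises output fit for "an attribute value", but the body only covers the double-quoted case: the final `str_replace` handles `<`, `>` and `"` and leaves `'` alone, so a caller that emits a single-quoted attribute would get an unescaped delimiter. I would narrow the contract in the docblock, e.g. `@return string Text safe only inside a double-quoted attribute value; single quotes are not encoded`. It is also worth a line that the `/<[^>]*>/` pass is best-effort (an unterminated `<`, or a `>` inside a quoted attribute, leaves fragments behind) and that safety rests on the encoding step after it. As rendered on this page the search and replacement arrays of that `str_replace` are identical, which would make the call a no-op; presumably the replacements are the corresponding entities and the page decoded them, but that should be confirmed against the file.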