dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1de9c48)
Follow-up to r45425 -- bug was in MWSearch, not core. It's supposed to be HTML-format...
authorBrion Vibber <brion@users.mediawiki.org>
Mon, 5 Jan 2009 20:46:43 +0000 (20:46 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Mon, 5 Jan 2009 20:46:43 +0000 (20:46 +0000)
Adding a comment on SearchEngine to clarify that getSuggestionSnippet() returns HTML

RELEASE-NOTES patch | blob | history
includes/SearchEngine.php patch | blob | history
includes/specials/SpecialSearch.php patch | blob | history

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 604162b..14dce00 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -468,7 +468,6 @@ The following extensions are migrated into MediaWiki 1.14:
   that STDIN can be used for page list
 * Sanitizer::decodeCharReferences() now decodes the XHTML "&apos;" character
   entity (loosely related to bug 14365)
-* Fix XSS in Special:Search with extended engine features ("did you mean")
 
 === API changes in 1.14 ===
 
diff --git a/includes/SearchEngine.php b/includes/SearchEngine.php
index db7431e..3ea0341 100644 (file)
--- a/includes/SearchEngine.php
+++ b/includes/SearchEngine.php
@@ -470,7 +470,7 @@ class SearchResultSet {
        }
 
        /**
-        * @return string highlighted suggested query, '' if none
+        * @return string HTML highlighted suggested query, '' if none
         */
        function getSuggestionSnippet(){
                return '';
diff --git a/includes/specials/SpecialSearch.php b/includes/specials/SpecialSearch.php
index c7678d2..f311724 100644 (file)
--- a/includes/specials/SpecialSearch.php
+++ b/includes/specials/SpecialSearch.php
@@ -169,7 +169,7 @@ class SpecialSearch {
                                $this->powerSearchOptions()
                        );
                        $suggestLink = $sk->makeKnownLinkObj( $st,
-                               htmlspecialchars( $textMatches->getSuggestionSnippet() ),
+                               $textMatches->getSuggestionSnippet(),
                                $stParams );
 
                        $this->didYouMeanHtml = '<div class="searchdidyoumean">'.wfMsg('search-suggest',$suggestLink).'</div>';
@@ -947,7 +947,7 @@ class SpecialSearchOld {
                                        $this->powerSearchOptions());
                                        
                        $suggestLink = $sk->makeKnownLinkObj( $st,
-                               htmlspecialchars( $textMatches->getSuggestionSnippet() ),
+                               $textMatches->getSuggestionSnippet(),
                                $stParams );
                                        
                        $wgOut->addHTML('<div class="searchdidyoumean">'.wfMsg('search-suggest',$suggestLink).'</div>');
Wiklou, le Wiki du Wiklou