From dbfe1c9a935781ac8a89e10eb01f224cdd1624ae Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Tue, 4 Sep 2018 17:44:44 +0000 Subject: [PATCH] Add warning if you give Html::openElement a name with a space Bug: T201747 Change-Id: I7772f1e8c0c12bdf1fd60d62e015f2ec82d8ac90 --- RELEASE-NOTES-1.33 | 2 ++ includes/Html.php | 6 ++++++ tests/phpunit/includes/HtmlTest.php | 9 +++++++++ 3 files changed, 17 insertions(+) diff --git a/RELEASE-NOTES-1.33 b/RELEASE-NOTES-1.33 index ce95bd61d2..96ca3820a5 100644 --- a/RELEASE-NOTES-1.33 +++ b/RELEASE-NOTES-1.33 @@ -196,6 +196,8 @@ because of Phabricator reports. === Other changes in 1.33 === * (T208871) The hard-coded Google search form on the database error page was removed. +* (T201747) Html::openElement() warns if given an element name wiht a space + in it. * … == Compatibility == diff --git a/includes/Html.php b/includes/Html.php index d066effd92..0aea7eabc3 100644 --- a/includes/Html.php +++ b/includes/Html.php @@ -255,6 +255,12 @@ class Html { // consistency and better compression. $element = strtolower( $element ); + // Some people were abusing this by passing things like + // 'h1 id="foo" to $element, which we don't want. + if ( strpos( $element, ' ' ) !== false ) { + wfWarn( __METHOD__ . " given element name with space '$element'" ); + } + // Remove invalid input types if ( $element == 'input' ) { $validTypes = [ diff --git a/tests/phpunit/includes/HtmlTest.php b/tests/phpunit/includes/HtmlTest.php index 5410644a49..1d687e517c 100644 --- a/tests/phpunit/includes/HtmlTest.php +++ b/tests/phpunit/includes/HtmlTest.php @@ -76,6 +76,15 @@ class HtmlTest extends MediaWikiTestCase { parent::tearDown(); } + /** + * @expectedException PHPUnit_Framework_Error_Notice + * @expectedExceptionMessage given element name with space + * @covers Html::openElement + */ + public function testOpenElement() { + Html::openElement( 'span id="x"' ); + } + /** * @covers Html::element * @covers Html::rawElement -- 2.20.1