static function displaytitle( $parser, $text = '' ) {
global $wgRestrictDisplayTitle;
- #parse a limited subset of wiki markup (just the single quote items)
+ // parse a limited subset of wiki markup (just the single quote items)
$text = $parser->doQuotes( $text );
- #remove stripped text (e.g. the UNIQ-QINU stuff) that was generated by tag extensions/whatever
+ // remove stripped text (e.g. the UNIQ-QINU stuff) that was generated by tag extensions/whatever
$text = preg_replace( '/' . preg_quote( $parser->uniqPrefix(), '/' ) . '.*?'
. preg_quote( Parser::MARKER_SUFFIX, '/' ) . '/', '', $text );
- #list of disallowed tags for DISPLAYTITLE
- #these will be escaped even though they are allowed in normal wiki text
+ // list of disallowed tags for DISPLAYTITLE
+ // these will be escaped even though they are allowed in normal wiki text
$bad = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'blockquote', 'ol', 'ul', 'li', 'hr',
'table', 'tr', 'th', 'td', 'dl', 'dd', 'caption', 'p', 'ruby', 'rb', 'rt', 'rp', 'br' );
- #only requested titles that normalize to the actual title are allowed through
- #if $wgRestrictDisplayTitle is true (it is by default)
- #mimic the escaping process that occurs in OutputPage::setPageTitle
- $text = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $text, null, array(), array(), $bad ) );
+ // disallow some styles that could be used to bypass $wgRestrictDisplayTitle
+ if ( $wgRestrictDisplayTitle ) {
+ $htmlTagsCallback = function ( $params ) {
+ $decoded = Sanitizer::decodeTagAttributes( $params );
+
+ if ( isset( $decoded['style'] ) ) {
+ // this is called later anyway, but we need it right now for the regexes below to be safe
+ // calling it twice doesn't hurt
+ $decoded['style'] = Sanitizer::checkCss( $decoded['style'] );
+
+ if ( preg_match( '/(display|user-select|visibility)\s*:/i', $decoded['style'] ) ) {
+ $decoded['style'] = '/* attempt to bypass $wgRestrictDisplayTitle */';
+ }
+ }
+
+ $params = Sanitizer::safeEncodeTagAttributes( $decoded );
+ };
+ } else {
+ $htmlTagsCallback = null;
+ }
+
+ // only requested titles that normalize to the actual title are allowed through
+ // if $wgRestrictDisplayTitle is true (it is by default)
+ // mimic the escaping process that occurs in OutputPage::setPageTitle
+ $text = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $text, $htmlTagsCallback, array(), array(), $bad ) );
$title = Title::newFromText( Sanitizer::stripAllTags( $text ) );
if ( !$wgRestrictDisplayTitle ) {
return self::formatRaw( SiteStats::edits(), $raw );
}
static function numberofviews( $parser, $raw = null ) {
- return self::formatRaw( SiteStats::views(), $raw );
+ global $wgDisableCounters;
+ return !$wgDisableCounters ? self::formatRaw( SiteStats::views(), $raw ) : '';
}
static function pagesinnamespace( $parser, $namespace = 0, $raw = null ) {
return self::formatRaw( SiteStats::pagesInNs( intval( $namespace ) ), $raw );
* Return the size of the given page, or 0 if it's nonexistent. This is an
* expensive parser function and can't be called too many times per page.
*
- * @todo FIXME: This doesn't work correctly on preview for getting the size
- * of the current page.
* @todo FIXME: Title::getLength() documentation claims that it adds things
* to the link cache, so the local cache here should be unnecessary, but
* in fact calling getLength() repeatedly for the same $page does seem to
* @todo Document parameters
*
* @param $parser Parser
- * @param string $page TODO DOCUMENT (Default: empty string)
- * @param $raw TODO DOCUMENT (Default: null)
+ * @param $page String Name of page to check (Default: empty string)
+ * @param $raw String Should number be human readable with commas or just number
* @return string
*/
static function pagesize( $parser, $page = '', $raw = null ) {
$page = $title->getPrefixedText();
$length = 0;
- if ( isset( $cache[$page] ) ) {
+ if ( $title->equals( $parser->getTitle() )
+ && $parser->mInputSize !== false
+ ) {
+ # We are on current page (and not in PST), so
+ # take length of input to parser.
+ $length = $parser->mInputSize;
+ } elseif ( isset( $cache[$page] ) ) {
$length = $cache[$page];
} elseif ( $parser->incrementExpensiveFunctionCount() ) {
$rev = Revision::newFromTitle( $title, false, Revision::READ_NORMAL );
$title = SpecialPage::getTitleFor( $page, $subpage );
return $title->getPrefixedText();
} else {
- return wfMessage( 'nosuchspecialpage' )->inContentLanguage()->text();
+ // unknown special page, just use the given text as its title, if at all possible
+ $title = Title::makeTitleSafe( NS_SPECIAL, $text );
+ return $title ? $title->getPrefixedText() : self::special( $parser, 'Badtitle' );
}
}
dépôts / lhc / web / wiklou.git / blobdiff