From: Brion Vibber
Date: Tue, 14 Sep 2004 05:49:15 +0000 (+0000)
Subject: Prudency measure: only enable $wgRawHtml usage if $wgWhitelistEdit is on.
X-Git-Tag: 1.5.0alpha1~2009
X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=63d80f72c1cba40dfbe733eb104d223a8576f713;p=lhc%2Fweb%2Fwiklou.git

Prudency measure: only enable $wgRawHtml usage if $wgWhitelistEdit is on.
---
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 6dc5caf801..e03022b7a2 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -613,9 +613,9 @@ $wgGoToEdit = false;
 $wgUserHtml = true;
 # Allow raw, unchecked HTML in ... sections.
-# THIS IS VERY DANGEROUS on a publically editable site.
-# Don't enable it unless you've restricted editing to trusted
-# users only.
+# THIS IS VERY DANGEROUS on a publically editable site, so
+# you can't enable it unless you've restricted editing to
+# trusted users only with $wgWhitelistEdit.
 $wgRawHtml = false;
 # $wgUseTidy: use tidy to make sure HTML output is sane.
diff --git a/includes/Parser.php b/includes/Parser.php
index 6b7bb4698b..0d1d4b7c04 100644
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -53,6 +53,7 @@ define( 'STRIP_COMMENTS', 'HTMLCommentStrip' );
 # prefix for escaping, used in two functions at least
 define( 'UNIQ_PREFIX', 'NaodW29');
+#define( 'UNIQ_PREFIX', "\x07NaodW29");
 # Constants needed for external link processing
 define( 'URL_PROTOCOLS', 'http|https|ftp|irc|gopher|news|mailto' );
@@ -240,8 +241,8 @@ class Parser
 #$text = str_replace( $uniq_prefix, wfHtmlEscapeFirst( $uniq_prefix ), $text );
 # html
-global $wgRawHtml;
-if( $wgRawHtml ) {
+global $wgRawHtml, $wgWhitelistEdit;
+if( $wgRawHtml && $wgWhitelistEdit ) {
 $text = Parser::extractTags('html', $text, $html_content, $uniq_prefix);
 foreach( $html_content as $marker => $content ) {
 if ($render ) {
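Review bot: The reworded comment says you "can't enable" $wgRawHtml, but nothing in this hunk prevents `$wgRawHtml = true;` from being set in a local settings file; the restriction is applied where the value is consumed, so the comment should say the setting is ignored rather than unsettable. Suggested wording for the last two lines: `# you can't enable it unless you've restricted editing to` / `# trusted users only: $wgRawHtml is ignored unless $wgWhitelistEdit is also set (enforced at parse time in Parser.php).` An operator reading only this file otherwise has no hint that a true value may silently do nothing.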
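Review bot: The added `#define( 'UNIQ_PREFIX', "\x07NaodW29");` is commented-out code with no explanation and is unrelated to the $wgWhitelistEdit gate this commit is about. If it records an intended change (presumably a non-printable prefix so the marker is harder to type into wikitext), say so in a `# TODO:` comment that gives the reason and what still blocks it; otherwise drop it, since a commented-out define sitting next to the live one invites someone to uncomment it without knowing the consequences for existing stored markers.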
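Review bot: The new `if( $wgRawHtml && $wgWhitelistEdit )` gates raw <html> rendering on the site's current configuration, not on who saved the revision: text saved while $wgWhitelistEdit was off is rendered as raw HTML the moment both flags are on, so the guard protects future edits rather than stored content, and that limitation deserves a comment at the condition. The guard is also silent — when $wgRawHtml is set without $wgWhitelistEdit the site owner gets no indication that the setting is being ignored; a debug-log line (e.g. via wfDebug) on that path would make the mismatch visible. If $wgWhitelistEdit only requires a logged-in account rather than a vetted list, the "trusted users only" assumption in DefaultSettings.php is weaker than stated; worth confirming against its definition. The enclosing method starts and ends outside the hunk, so the non-raw handling of <html> tags is not visible here.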