Fix to #17031. See bug ticket for test code & test-results.

author Sean Colombo <sean_colombo@users.mediawiki.org>

Wed, 11 Aug 2010 07:19:26 +0000 (07:19 +0000)

committer Sean Colombo <sean_colombo@users.mediawiki.org>

Wed, 11 Aug 2010 07:19:26 +0000 (07:19 +0000)
author Sean Colombo <sean_colombo@users.mediawiki.org>
Wed, 11 Aug 2010 07:19:26 +0000 (07:19 +0000)
committer Sean Colombo <sean_colombo@users.mediawiki.org>
Wed, 11 Aug 2010 07:19:26 +0000 (07:19 +0000)
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php

index e8a3a38..c0b85f9 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -40,10 +40,11 @@ define( 'MW_CHAR_REFS_REGEX',
   * Allows some... latitude.
   * Used in Sanitizer::fixTagAttributes and Sanitizer::decodeTagAttributes
   */
-$attrib = '[A-Za-z0-9]';
+$attrib_first = '[:A-Z_a-z]';
+$attrib = '[:A-Z_a-z-.0-9]';
  $space = '[\x09\x0a\x0d\x20]';
  define( 'MW_ATTRIBS_REGEX',
-       "/(?:^|$space)((?:xml:|xmlns:)?$attrib+)
+    "/(?:^|$space)({$attrib_first}{$attrib}*)
           ($space*=$space*
                 (?:
                  # The attribute value: quoted or alone
author	Sean Colombo <sean_colombo@users.mediawiki.org>
	Wed, 11 Aug 2010 07:19:26 +0000 (07:19 +0000)
committer	Sean Colombo <sean_colombo@users.mediawiki.org>
	Wed, 11 Aug 2010 07:19:26 +0000 (07:19 +0000)