- = MediaWiki release notes =
+= MediaWiki release notes =
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
* (bug 14423) Check block flag validity for block logging
* DB transaction and slave-lag avoidance tweaks for Email Notifications
* (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions
-* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at
- "user contributions"
+* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at "user contributions"
* Rollback links on new pages removed from "user contributions"
-* (bug 15811) Re-upload form tweaks: license fields removed, destination locked,
- comment label uses better message
-* Whole HTML validation ($wgValidateAllHtml) now works with external tidy
+* (bug 15811) Re-upload form tweaks: license fields removed, destination locked, comment
+ label uses better message
== API changes in 1.15 ==
* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
* Replace the output with an error if the HTML is not valid
*/
function wfHtmlValidationHandler( $s ) {
+ global $IP, $wgTidyInternal, $wgTidyConf;
+ if ( $wgTidyInternal ) {
+ $tidy = new tidy;
+
+ $tidy->parseString( $s, $wgTidyConf, 'utf8' );
+ if ( $tidy->getStatus() == 0 ) {
+ return $s;
+ }
- $errors = '';
- if ( MWTidy::checkErrors( $s, $errors ) ) {
- return $s;
+ $errors = $tidy->errorBuffer;
+ } else {
+ // Copied from Parser::externalTidy();
+ global $wgTidyBin, $wgTidyOpts;
+
+ $cleansource = '';
+ $opts = ' -utf8';
+
+ $descriptorspec = array(
+ 0 => array( 'pipe', 'r' ),
+ 1 => array( 'file', wfGetNull(), 'a' ),
+ 2 => array( 'pipe', 'w' )
+ );
+ $pipes = array();
+ if( function_exists( 'proc_open' ) ) {
+ $process = proc_open("$wgTidyBin -config $wgTidyConf $wgTidyOpts$opts", $descriptorspec, $pipes );
+ if ( is_resource( $process ) ) {
+ fwrite( $pipes[0], $s );
+ fclose( $pipes[0] );
+ while( !feof( $pipes[2] ) ) {
+ $errors .= fgets( $pipes[2], 1024 );
+ }
+ fclose( $pipes[2] );
+ $ret = proc_close( $process );
+ if( ( $ret < 0 && $errors == '' ) || $ret == 0 )
+ return $s;
+ } else {
+ return $s;
+ }
+
+ } else {
+ return $s;
+ }
}
header( 'Cache-Control: no-cache' );
$out .= '</ul>';
$out .= '<pre>' . htmlspecialchars( $errors ) . '</pre>';
- $out .= "<ol>\n";
+ $out .= '<ol>';
$line = strtok( $s, "\n" );
$i = 1;
while ( $line !== false ) {
} else {
$out .= '<li>';
}
- $out .= htmlspecialchars( $line ) . "</li>\n";
+ $out .= htmlspecialchars( $line ) . '</li>';
$line = strtok( "\n" );
$i++;
}
$text = Sanitizer::normalizeCharReferences( $text );
- if ( ( $wgUseTidy && $this->mOptions->mTidy ) || $wgAlwaysUseTidy ) {
- $text = MWTidy::tidy( $text );
+ if (($wgUseTidy and $this->mOptions->mTidy) or $wgAlwaysUseTidy) {
+ $text = self::tidy($text);
} else {
# attempt to sanitize at least some nesting problems
# (bug #2702 and quite a few others)
$this->mStripState->general->setPair( $rnd, $text );
return $rnd;
}
-
+
+ /**
+ * Interface with html tidy, used if $wgUseTidy = true.
+ * If tidy isn't able to correct the markup, the original will be
+ * returned in all its glory with a warning comment appended.
+ *
+ * Either the external tidy program or the in-process tidy extension
+ * will be used depending on availability. Override the default
+ * $wgTidyInternal setting to disable the internal if it's not working.
+ *
+ * @param string $text Hideous HTML input
+ * @return string Corrected HTML output
+ * @public
+ * @static
+ */
+ function tidy( $text ) {
+ global $wgTidyInternal;
+
+ $wrappedtext = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"'.
+' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>'.
+'<head><title>test</title></head><body>'.$text.'</body></html>';
+
+ # Tidy is known to clobber tabs; convert 'em to entities
+ $wrappedtext = str_replace("\t", '	', $wrappedtext);
+
+ if( $wgTidyInternal ) {
+ $correctedtext = self::internalTidy( $wrappedtext );
+ } else {
+ $correctedtext = self::externalTidy( $wrappedtext );
+ }
+ if( is_null( $correctedtext ) ) {
+ wfDebug( "Tidy error detected!\n" );
+ return $text . "\n<!-- Tidy found serious XHTML errors -->\n";
+ }
+
+ # Convert the tabs back from entities
+ $correctedtext = str_replace('	', "\t", $correctedtext);
+
+ return $correctedtext;
+ }
+
+ /**
+ * Spawn an external HTML tidy process and get corrected markup back from it.
+ *
+ * @private
+ * @static
+ */
+ function externalTidy( $text ) {
+ global $wgTidyConf, $wgTidyBin, $wgTidyOpts;
+ wfProfileIn( __METHOD__ );
+
+ $cleansource = '';
+ $opts = ' -utf8';
+
+ $descriptorspec = array(
+ 0 => array('pipe', 'r'),
+ 1 => array('pipe', 'w'),
+ 2 => array('file', wfGetNull(), 'a')
+ );
+ $pipes = array();
+ if( function_exists('proc_open') ) {
+ $process = proc_open("$wgTidyBin -config $wgTidyConf $wgTidyOpts$opts", $descriptorspec, $pipes);
+ if (is_resource($process)) {
+ // Theoretically, this style of communication could cause a deadlock
+ // here. If the stdout buffer fills up, then writes to stdin could
+ // block. This doesn't appear to happen with tidy, because tidy only
+ // writes to stdout after it's finished reading from stdin. Search
+ // for tidyParseStdin and tidySaveStdout in console/tidy.c
+ fwrite($pipes[0], $text);
+ fclose($pipes[0]);
+ while (!feof($pipes[1])) {
+ $cleansource .= fgets($pipes[1], 1024);
+ }
+ fclose($pipes[1]);
+ proc_close($process);
+ }
+ }
+
+ wfProfileOut( __METHOD__ );
+
+ if( $cleansource == '' && $text != '') {
+ // Some kind of error happened, so we couldn't get the corrected text.
+ // Just give up; we'll use the source text and append a warning.
+ return null;
+ } else {
+ return $cleansource;
+ }
+ }
+
/**
- * Interface with html tidy
- * @deprecated Use MWTidy::tidy()
+ * Use the HTML tidy PECL extension to use the tidy library in-process,
+ * saving the overhead of spawning a new process.
+ *
+ * 'pear install tidy' should be able to compile the extension module.
+ *
+ * @private
+ * @static
*/
- public static function tidy( $text ) {
- wfDeprecated( __METHOD__ );
- return MWTidy::tidy( $text );
+ function internalTidy( $text ) {
+ global $wgTidyConf, $IP, $wgDebugTidy;
+ wfProfileIn( __METHOD__ );
+
+ $tidy = new tidy;
+ $tidy->parseString( $text, $wgTidyConf, 'utf8' );
+ $tidy->cleanRepair();
+ if( $tidy->getStatus() == 2 ) {
+ // 2 is magic number for fatal error
+ // http://www.php.net/manual/en/function.tidy-get-status.php
+ $cleansource = null;
+ } else {
+ $cleansource = tidy_get_output( $tidy );
+ }
+ if ( $wgDebugTidy && $tidy->getStatus() > 0 ) {
+ $cleansource .= "<!--\nTidy reports:\n" .
+ str_replace( '-->', '-->', $tidy->errorBuffer ) .
+ "\n-->";
+ }
+
+ wfProfileOut( __METHOD__ );
+ return $cleansource;
}
/**
+++ /dev/null
-<?php
-
-/**
- * Class to interact with HTML tidy
- *
- * Either the external tidy program or the in-process tidy extension
- * will be used depending on availability. Override the default
- * $wgTidyInternal setting to disable the internal if it's not working.
- *
- * @ingroup Parser
- */
-class MWTidy {
-
- /**
- * Interface with html tidy, used if $wgUseTidy = true.
- * If tidy isn't able to correct the markup, the original will be
- * returned in all its glory with a warning comment appended.
- *
- * @param string $text Hideous HTML input
- * @return string Corrected HTML output
- */
- public static function tidy( $text ) {
- global $wgTidyInternal;
-
- $wrappedtext = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"'.
-' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>'.
-'<head><title>test</title></head><body>'.$text.'</body></html>';
-
- # Tidy is known to clobber tabs; convert them to entities
- $wrappedtext = str_replace( "\t", '	', $wrappedtext );
-
- if( $wgTidyInternal ) {
- $correctedtext = self::execInternalTidy( $wrappedtext );
- } else {
- $correctedtext = self::execExternalTidy( $wrappedtext );
- }
- if( is_null( $correctedtext ) ) {
- wfDebug( "Tidy error detected!\n" );
- return $text . "\n<!-- Tidy found serious XHTML errors -->\n";
- }
-
- # Convert the tabs back from entities
- $correctedtext = str_replace( '	', "\t", $correctedtext );
-
- return $correctedtext;
- }
-
- /**
- * Check HTML for errors, used if $wgValidateAllHtml = true.
- *
- * @param $text String
- * @param &$errorStr String: return the error string
- * @return Boolean: whether the HTML is valid
- */
- public static function checkErrors( $text, &$errorStr = null ) {
- global $wgTidyInternal;
-
- $retval = 0;
- if( $wgTidyInternal ) {
- $errorStr = self::execInternalTidy( $text, true, $retval );
- } else {
- $errorStr = self::execExternalTidy( $text, true, $retval );
- }
- return ( $retval < 0 && $errorStr == '' ) || $retval == 0;
- }
-
- /**
- * Spawn an external HTML tidy process and get corrected markup back from it.
- * Also called in OutputHandler.php for full page validation
- *
- * @param $text String: HTML to check
- * @param $stderr Boolean: Whether to read from STDERR rather than STDOUT
- * @param &$retval Exit code (-1 on internal error)
- * @retrun mixed String or null
- */
- private static function execExternalTidy( $text, $stderr = false, &$retval = null ) {
- global $wgTidyConf, $wgTidyBin, $wgTidyOpts;
- wfProfileIn( __METHOD__ );
-
- $cleansource = '';
- $opts = ' -utf8';
-
- if( $stderr ) {
- $descriptorspec = array(
- 0 => array( 'pipe', 'r' ),
- 1 => array( 'file', wfGetNull(), 'a' ),
- 2 => array( 'pipe', 'w' )
- );
- } else {
- $descriptorspec = array(
- 0 => array( 'pipe', 'r' ),
- 1 => array( 'pipe', 'w' ),
- 2 => array( 'file', wfGetNull(), 'a' )
- );
- }
-
- $readpipe = $stderr ? 2 : 1;
- $pipes = array();
-
- if( function_exists( 'proc_open' ) ) {
- $process = proc_open( "$wgTidyBin -config $wgTidyConf $wgTidyOpts$opts", $descriptorspec, $pipes );
- if ( is_resource( $process ) ) {
- // Theoretically, this style of communication could cause a deadlock
- // here. If the stdout buffer fills up, then writes to stdin could
- // block. This doesn't appear to happen with tidy, because tidy only
- // writes to stdout after it's finished reading from stdin. Search
- // for tidyParseStdin and tidySaveStdout in console/tidy.c
- fwrite( $pipes[0], $text );
- fclose( $pipes[0] );
- while ( !feof( $pipes[$readpipe] ) ) {
- $cleansource .= fgets( $pipes[$readpipe], 1024 );
- }
- fclose( $pipes[$readpipe] );
- $retval = proc_close( $process );
- } else {
- $retval = -1;
- }
- } else {
- $retval = -1;
- }
-
- wfProfileOut( __METHOD__ );
-
- if( !$stderr && $cleansource == '' && $text != '' ) {
- // Some kind of error happened, so we couldn't get the corrected text.
- // Just give up; we'll use the source text and append a warning.
- return null;
- } else {
- return $cleansource;
- }
- }
-
- /**
- * Use the HTML tidy PECL extension to use the tidy library in-process,
- * saving the overhead of spawning a new process.
- *
- * 'pear install tidy' should be able to compile the extension module.
- */
- private static function execInternalTidy( $text, $stderr = false, &$retval = null ) {
- global $wgTidyConf, $IP, $wgDebugTidy;
- wfProfileIn( __METHOD__ );
-
- $tidy = new tidy;
- $tidy->parseString( $text, $wgTidyConf, 'utf8' );
-
- if( $stderr ) {
- $retval = $tidy->getStatus();
- return $tidy->errorBuffer;
- } else {
- $tidy->cleanRepair();
- $retval = $tidy->getStatus();
- if( $retval == 2 ) {
- // 2 is magic number for fatal error
- // http://www.php.net/manual/en/function.tidy-get-status.php
- $cleansource = null;
- } else {
- $cleansource = tidy_get_output( $tidy );
- }
- if ( $wgDebugTidy && $retval > 0 ) {
- $cleansource .= "<!--\nTidy reports:\n" .
- str_replace( '-->', '-->', $tidy->errorBuffer ) .
- "\n-->";
- }
-
- wfProfileOut( __METHOD__ );
- return $cleansource;
- }
- }
-
-}