* So that this works properly, don't escape HTML entities in edit summaries. I don't see any good reason for them to be escaped there. Of course, this may result in old edit summaries displaying slightly differently if for some reason they included an entity, but in that case there's at least a 50% chance that they intended it to not be escaped in the first place.
the database is potentially queried
* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
* New date/time formats in Cs localization according to ČSN and PČP.
+* HTML entities like now work (are not escaped) in edit summaries.
+* (bug 13815) In the comment for page moves, use the colon-separator message
+ instead of a hardcoded colon.
=== Bug fixes in 1.13 ===
if ( in_array('escape', $options) ) {
$string = htmlspecialchars ( $string );
} elseif ( in_array( 'escapenoentities', $options ) ) {
- $string = htmlspecialchars( $string );
- $string = str_replace( '&', '&', $string );
- $string = Sanitizer::normalizeCharReferences( $string );
+ $string = Sanitizer::escapeHtmlAllowEntities( $string );
}
if( in_array('replaceafter', $options) ) {
# Sanitize text a bit:
$comment = str_replace( "\n", " ", $comment );
- $comment = htmlspecialchars( $comment );
+ # Allow HTML entities (for bug 13815)
+ $comment = Sanitizer::escapeHtmlAllowEntities( $comment );
# Render autocomments and make links:
$comment = $this->formatAutoComments( $comment, $title, $local );
$class ), '_');
}
+ /**
+ * Given HTML input, escape with htmlspecialchars but un-escape entites.
+ * This allows (generally harmless) entities like to survive.
+ *
+ * @param string $html String to escape
+ * @return string Escaped input
+ */
+ static function escapeHtmlAllowEntities( $html ) {
+ # It seems wise to escape ' as well as ", as a matter of course. Can't
+ # hurt.
+ $html = htmlspecialchars( $html, ENT_QUOTES );
+ $html = str_replace( '&', '&', $html );
+ $html = Sanitizer::normalizeCharReferences( $html );
+ return $html;
+ }
+
/**
* Regex replace callback for armoring links against further processing.
* @param array $matches
$fname = 'MovePageForm::moveToNewTitle';
$comment = wfMsgForContent( '1movedto2', $this->getPrefixedText(), $nt->getPrefixedText() );
if ( $reason ) {
- $comment .= ": $reason";
+ $comment .= wfMsgExt( 'colon-separator',
+ array( 'escapenoentities', 'content' ) );
+ $comment .= $reason;
}
$newid = $nt->getArticleID();