From: Antoine Musso
Date: Wed, 17 Jan 2007 21:52:37 +0000 (+0000)
Subject: Sanitizer now correctly escapes lonely '>' occuring before the first wikitag.
X-Git-Tag: 1.31.0-rc.0~54331
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=commitdiff_plain;h=dde90d01f2310fb2cb02f2575695aa07b415ea1a;p=lhc%2Fweb%2Fwiklou.git

Sanitizer now correctly escapes lonely '>' occuring before the first wikitag.
Fix parsertest: "Always escape literal '>' in output, not just after '<'"
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 50b9f52732..a7a481eb4f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -115,6 +115,7 @@ lighter making things easier to read. * Fix hardcoded background color in parserTests.php * parserTests.php : removed the 'light' option for --color argument, replacing it with a new global switch : $wgCommandLineDarkBg
+* Sanitizer now correctly escapes lonely '>' occuring before the first wikitag.
 == Languages updated ==
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index ad2f777d7d..ebe9d5a80a 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -386,7 +386,7 @@ class Sanitizer {
 # Remove HTML comments
 $text = Sanitizer::removeHTMLcomments( $text );
 $bits = explode( '<', $text );
- $text = array_shift( $bits );
+ $text = str_replace( '>', '>', array_shift( $bits ) );
 if(!$wgUseTidy) {
 $tagstack = $tablestack = array();
 foreach ( $bits as $x ) {
diff --git a/maintenance/parserTests.txt b/maintenance/parserTests.txt
index 8c7a2ee8d0..5465bae089 100644
--- a/maintenance/parserTests.txt
+++ b/maintenance/parserTests.txt
@@ -255,7 +255,7 @@ everything starting with < followed by !-- until the first -- and > we see, that wouldn't be valid XML however, since in XML -- has to terminate a comment -->--> !! result -
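Review bot: The new `str_replace` on the leading chunk in includes/Sanitizer.php has no comment saying why that chunk needs its own escaping, even though the parser test this commit enables describes the behaviour as a fallback security measure. I would add `# The chunk before the first '<' is shifted off $bits and never reaches the loop below, so escape stray '>' here` above the assignment, so the line is not later removed as redundant. As rendered on this page both string arguments read `'>'`, which would make the call a no-op; the replacement is presumably the entity `'&gt;'` that the page rendering decoded, so check the raw commit before reading the line literally. The enclosing function starts and ends outside the hunk.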

--> +

-->

!! end @@ -264,7 +264,7 @@ Comment semantics: nesting !! input --> !! result -

--> +

-->

!! end @@ -6060,7 +6060,7 @@ RAW magic word # This isn't needed for XHTML conformance, but would be handy as a fallback security measure !! test -TODO: Always escape literal '>' in output, not just after '<' +Always escape literal '>' in output, not just after '<' !! input ><> !! result