* (bug 5277) Use audio/midi rather that audio/mid
* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is nonexistent
* (bug 5432) Fix inconsistencies in cookie names when using table prefixes
+* Additional protections against HTML breakage in table parsing
=== Caveats ===
$wgPostCommitUpdateList = array();
}
+/**
+ * More or less "markup-safe" explode()
+ * Ignores any instances of the separator inside <...>
+ * @param string $separator
+ * @param string $text
+ * @return array
+ */
+function wfExplodeMarkup( $separator, $text ) {
+ $placeholder = "\x00";
+
+ // Just in case...
+ $text = str_replace( $placeholder, '', $text );
+
+ // Trim stuff
+ $replacer = new ReplacerCallback( $separator, $placeholder );
+ $cleaned = preg_replace_callback( '/(<.*?>)/', array( $replacer, 'go' ), $text );
+
+ $items = explode( $separator, $cleaned );
+ foreach( $items as $i => $str ) {
+ $items[$i] = str_replace( $placeholder, $separator, $str );
+ }
+
+ return $items;
+}
+
+class ReplacerCallback {
+ function ReplacerCallback( $from, $to ) {
+ $this->from = $from;
+ $this->to = $to;
+ }
+
+ function go( $matches ) {
+ return str_replace( $this->from, $this->to, $matches[1] );
+ }
+}
+
?>
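Review bot: The pattern `'/(<.*?>)/'` in wfExplodeMarkup ends each match at the first `>`, so a separator that follows a `>` inside a quoted attribute value, or sits in a tag with no closing `>` in the text, is still split on. If earlier parser steps can emit either form (not visible in this hunk), the attribute splitting this function guards against remains reachable. A quote-aware pattern such as `'/(<(?:[^>"\']|"[^"]*"|\'[^\']*\')*>)/'` covers the first case, but it leaves a tag with an unbalanced quote unprotected, so it needs parser-test coverage before it replaces the current one. Either way, the docblock should spell out these limits rather than "more or less markup-safe".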
}
$after = substr ( $x , 1 ) ;
if ( $fc == '!' ) $after = str_replace ( '!!' , '||' , $after ) ;
- $after = explode ( '||' , $after ) ;
+
+ // Split up multiple cells on the same line.
+ // FIXME: This can result in improper nesting of tags processed
+ // by earlier parser steps, but should avoid splitting up eg
+ // attribute values containing literal "||".
+ $after = wfExplodeMarkup( '||', $after );
+
$t[$k] = '' ;
# Loop through each table cell
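Review bot: The `str_replace ( '!!' , '||' , $after )` on the context line above the new call still runs over the whole line, tags included. In a header row, a literal `!!` inside an attribute value is therefore rewritten to `||` first, and wfExplodeMarkup then preserves it in that altered form. The `!!` conversion needs the same skip-inside-`<...>` treatment as the split, or the comment should at least say so, e.g. `// NOTE: '!!' inside tags has already been rewritten to '||' above`. The enclosing function starts and ends outside this hunk.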
!! end
+# FIXME: this one has incorrect tag nesting still.
+!! test
+Table security: embedded pipes (http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html)
+!! input
+{|
+| |[ftp://|x||]" onmouseover="alert(document.cookie)">test
+!! result
+<table>
+<tr>
+<td><a href="ftp://|x||" class='external free' title="ftp://|x||" rel="nofollow">ftp://|x</td><td></a>" onmouseover="alert(document.cookie)">test
+</td>
+</tr>
+</table>
+
+!! end
+
+
###
### Internal links
###
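Review bot: The expected result on the `<td>` line records output that the FIXME itself calls incorrectly nested (`</td><td>` falls between `<a ...>` and `</a>`), so this test will start failing once nesting is fixed, even though the property it guards is unchanged. The comment should state the invariant, e.g. `# Invariant: the text after the link is emitted as cell text, never as attributes of a tag; nesting is known-wrong (FIXME)`. A second case where `||` occurs only inside an attribute value would pin the wfExplodeMarkup behaviour separately from the nesting problem.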