declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
+ syntax's link parameter.
=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,
true, 'free',
$this->getExternalLinkAttribs( $url ), $this->mTitle );
# Register it in the output object...
- # Replace unnecessary URL escape codes with their equivalent characters
- $pasteurized = self::normalizeLinkUrl( $url );
- $this->mOutput->addExternalLink( $pasteurized );
+ $this->mOutput->addExternalLink( $url );
}
return $text . $trail;
}
$this->getExternalLinkAttribs( $url ), $this->mTitle ) . $dtrail . $trail;
# Register link in the output object.
- # Replace unnecessary URL escape codes with the referenced character
- # This prevents spammers from hiding links from the filters
- $pasteurized = self::normalizeLinkUrl( $url );
- $this->mOutput->addExternalLink( $pasteurized );
+ $this->mOutput->addExternalLink( $url );
}
return $s;
}
if ( preg_match( "/^($prots)$addr$chars*$/u", $linkValue ) ) {
$link = $linkValue;
+ $this->mOutput->addExternalLink( $link );
} else {
$localLinkTitle = Title::newFromText( $linkValue );
if ( $localLinkTitle !== null ) {
+ $this->mOutput->addLink( $localLinkTitle );
$link = $localLinkTitle->getLinkURL();
}
}
# We don't register links pointing to our own server, unless... :-)
global $wgServer, $wgRegisterInternalExternals;
+ # Replace unnecessary URL escape codes with the referenced character
+ # This prevents spammers from hiding links from the filters
+ $url = parser::normalizeLinkUrl( $url );
+
$registerExternalLink = true;
if ( !$wgRegisterInternalExternals ) {
$registerExternalLink = !self::isLinkInternal( $wgServer, $url );