// either.
$po = ParserOptions::newFromAnon();
$po->setEditSection( false );
+ $po->setAllowUnsafeRawHtml( false );
return $po;
}
$this->mParserOptions = new ParserOptions;
$this->mParserOptions->setEditSection( false );
+ // Messages may take parameters that could come
+ // from malicious sources. As a precaution, disable
+ // the <html> parser tag when parsing messages.
+ $this->mParserOptions->setAllowUnsafeRawHtml( false );
}
return $this->mParserOptions;
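Review bot: The rationale for disabling the `<html>` parser tag is written only on the cached branch. The `ParserOptions::newFromAnon()` early-return branch calls `setAllowUnsafeRawHtml( false )` with no explanation, so a later edit to one branch could drop the hardening from the other without anyone noticing. I would add `// Same precaution as the cached options below: no <html> tag when parsing messages.` above the new call in the anon branch, or apply the two shared setters in one place so the branches cannot drift. The hardening covers only options obtained through this function; whether other message-parsing paths build their own ParserOptions is not visible here and is worth checking. The enclosing function starts and ends outside the hunk.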
$res = $dbr->select(
[ 'page', 'revision', 'text' ],
- [ 'page_title', 'old_text', 'old_flags' ],
+ [ 'page_title', 'old_id', 'old_text', 'old_flags' ],
$smallConds,
__METHOD__ . "($code)-small"
);
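Review bot: Nothing in this hunk shows why `old_id` is now selected in the `-small` query, and the code that reads the rows of `$res` is outside the visible lines. A one-line comment above the field list would keep the column from being dropped later as unused, for example `// old_id: read by <consumer of $res>, keep in sync with that code`, with the real consumer filled in. If another query in the same function feeds the same row handling, it presumably needs the same column; please confirm.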