From: Tim Starling Date: Fri, 9 Sep 2005 22:48:25 +0000 (+0000) Subject: Made legal title character list configurable X-Git-Tag: 1.6.0~1685 X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=d28bc0821d9f5f583f45fc5238a61c72bc49dea5;p=lhc%2Fweb%2Fwiklou.git Made legal title character list configurable --- diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0fbc7ee943..b47c44dbcc 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -121,6 +121,32 @@ $wgTmpDirectory = "{$wgUploadDirectory}/tmp"; $wgUploadBaseUrl = ""; /**#@-*/ +/** + * Allowed title characters -- regex character class + * Don't change this unless you know what you're doing + * + * Problematic punctuation: + * []{}|# Are needed for link syntax, never enable these + * % Enabled by default, minor problems with path to query rewrite rules, see below + * + Doesn't work with path to query rewrite rules, corrupted by apache + * ? Enabled by default, but doesn't work with path to PATH_INFO rewrites + * + * All three of these punctuation problems can be avoided by using an alias, instead of a + * rewrite rule of either variety. + * + * The problem with % is that when using a path to query rewrite rule, URLs are + * double-unescaped: once by Apache's path conversion code, and again by PHP. So + * %253F, for example, becomes "?". Our code does not double-escape to compensate + * for this, indeed double escaping would break if the double-escaped title was + * passed in the query string rather than the path. This is a minor security issue + * because articles can be created such that they are hard to view or edit. + * + * Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but + * this breaks interlanguage links + */ +$wgLegalTitleChars = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF"; + + /** * The external URL protocols (regexp) */ diff --git a/includes/Title.php b/includes/Title.php index 0721c1cab7..a4dc83f04a 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -316,24 +316,8 @@ class Title { * @access public */ function legalChars() { - # Missing characters: - # * []|# Needed for link syntax - # * % and + are corrupted by Apache when they appear in the path - # - # % seems to work though - # - # The problem with % is that URLs are double-unescaped: once by Apache's - # path conversion code, and again by PHP. So %253F, for example, becomes "?". - # Our code does not double-escape to compensate for this, indeed double escaping - # would break if the double-escaped title was passed in the query string - # rather than the path. This is a minor security issue because articles can be - # created such that they are hard to view or edit. -- TS - # - # Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but - # this breaks interlanguage links - - $set = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF"; - return $set; + global $wgLegalTitleChars; + return $wgLegalTitleChars; } /**