From af10d342867fa603945651c1a4e74df9ae319957 Mon Sep 17 00:00:00 2001 From: Aaron Schulz Date: Sat, 6 Dec 2008 18:00:17 +0000 Subject: [PATCH] (bug 12998) Weaken DISPLAYTITLE restictions (patch by 'rememberthedot@gmail.com') --- includes/EditPage.php | 6 ++--- includes/OutputPage.php | 13 +++++++---- includes/Skin.php | 2 +- includes/parser/CoreParserFunctions.php | 29 +++++++++++++++++++------ includes/parser/ParserOutput.php | 27 +++++++++++++++-------- skins/Modern.php | 2 +- skins/MonoBook.php | 2 +- 7 files changed, 55 insertions(+), 26 deletions(-) diff --git a/includes/EditPage.php b/includes/EditPage.php index ea4c056e27..a2874556de 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -1083,11 +1083,11 @@ class EditPage { # Use the title defined by DISPLAYTITLE magic word when present if ( isset($this->mParserOutput) && ( $dt = $this->mParserOutput->getDisplayTitle() ) !== false ) { - $title = $dt; + $wgOut->setPageTitle( wfMsg( 'editing', $this->mParserOutput->getDisplayTitleH1() ) ); + $wgOut->setHTMLTitle( wfMsg( 'editing', $dt ) ); #override the HTML that setPageTitle slated for inclusion in the } else { - $title = $wgTitle->getPrefixedText(); + $wgOut->setPageTitle( wfMsg( 'editing', $wgTitle->getPrefixedText() ) ); } - $wgOut->setPageTitle( wfMsg( 'editing', $title ) ); } } diff --git a/includes/OutputPage.php b/includes/OutputPage.php index dcd5c309be..121a56ad96 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -309,7 +309,10 @@ class OutputPage { } } - public function setHTMLTitle( $name ) {$this->mHTMLtitle = $name; } + # "HTML title" means <title> + public function setHTMLTitle( $name ) { $this->mHTMLtitle = $name; } + + # "Page title" means <h1> public function setPageTitle( $name ) { global $action, $wgContLang; $name = $wgContLang->convert($name, true); @@ -320,7 +323,7 @@ class OutputPage { $name .= ' - '.$taction; } } - + $this->setHTMLTitle( wfMsg( 'pagetitle', $name ) ); } public function getHTMLTitle() { return $this->mHTMLtitle; } @@ -539,8 +542,10 @@ class OutputPage { } } // Display title - if( ( $dt = $parserOutput->getDisplayTitle() ) !== false ) - $this->setPageTitle( $dt ); + if( ( $displayTitleText = $parserOutput->getDisplayTitle() ) !== false ) { + $this->setPageTitle( $parserOutput->getDisplayTitleH1() ); + $this->setHTMLTitle( wfMsg( 'pagetitle', $displayTitleText ) ); #override the HTML that setPageTitle slated for inclusion in the <title> + } // Hooks registered in the object global $wgParserOutputHooks; diff --git a/includes/Skin.php b/includes/Skin.php index 90a6b77c69..42d3e96271 100644 --- a/includes/Skin.php +++ b/includes/Skin.php @@ -1013,7 +1013,7 @@ END; function pageTitle() { global $wgOut; - $s = '<h1 class="pagetitle">' . htmlspecialchars( $wgOut->getPageTitle() ) . '</h1>'; + $s = '<h1 class="pagetitle">' . $wgOut->getPageTitle() . '</h1>'; return $s; } diff --git a/includes/parser/CoreParserFunctions.php b/includes/parser/CoreParserFunctions.php index 4a21b5625a..ca03435fe8 100644 --- a/includes/parser/CoreParserFunctions.php +++ b/includes/parser/CoreParserFunctions.php @@ -164,17 +164,32 @@ class CoreParserFunctions { * @param string $text Desired title text * @return string */ - static function displaytitle( $parser, $text = '' ) { + static function displaytitle( $parser, $displayTitleH1 = '', $displayTitleTitle = '' ) { global $wgRestrictDisplayTitle; - $text = trim( Sanitizer::decodeCharReferences( $text ) ); - + + $titleHTML = Sanitizer::removeHTMLtags( $displayTitleH1 ); #escape the bad tags + $titleText = trim( Sanitizer::stripAllTags( $titleHTML ) ); #remove the good tags, leaving the bad tags escaped, and trim it to make sure it comes out pretty + + #the user can put any sanitized text into the page title used in the <title> attribute, since it is not copy-pasteable like the <h1> tag + if ($displayTitleTitle == '') { + $parser->mOutput->setDisplayTitle( $titleText ); #use the stripped contents of <h1> + } else { + $parser->mOutput->setDisplayTitle( $displayTitleTitle ); #use what the user explicitly requested, MediaWiki escapes this automatically before it is served out + } + if ( !$wgRestrictDisplayTitle ) { - $parser->mOutput->setDisplayTitle( $text ); + $parser->mOutput->setDisplayTitleH1( $titleHTML ); } else { - $title = Title::newFromText( $text ); - if( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) - $parser->mOutput->setDisplayTitle( $text ); + #only titles that normalize to the same title are allowed in the <h1> tag + $title = Title::newFromText( $titleText ); + + if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) { + $parser->mOutput->setDisplayTitleH1( $titleHTML ); + } else { + $parser->mOutput->setDisplayTitleH1( $parser->mTitle ); + } } + return ''; } diff --git a/includes/parser/ParserOutput.php b/includes/parser/ParserOutput.php index 35951387dd..045403dae2 100644 --- a/includes/parser/ParserOutput.php +++ b/includes/parser/ParserOutput.php @@ -29,7 +29,8 @@ class ParserOutput /** * Overridden title for display */ - private $displayTitle = false; + private $displayTitle = false; #for use in the <title> tag + private $displayTitleH1 = false; #for use in the <h1> tag, may contain further HTML tags function ParserOutput( $text = '', $languageLinks = array(), $categoryLinks = array(), $containsOldMagic = false, $titletext = '' ) @@ -144,6 +145,15 @@ class ParserOutput } } + /** + * Get the title to be used for display + * + * @return string + */ + public function getDisplayTitle() { + return $this->displayTitle; + } + /** * Override the title to be used for display * -- this is assumed to have been validated @@ -154,14 +164,13 @@ class ParserOutput public function setDisplayTitle( $text ) { $this->displayTitle = $text; } - - /** - * Get the title to be used for display - * - * @return string - */ - public function getDisplayTitle() { - return $this->displayTitle; + + public function getDisplayTitleH1() { + return $this->displayTitleH1; + } + + public function setDisplayTitleH1( $html ) { + $this->displayTitleH1 = $html; } /** diff --git a/skins/Modern.php b/skins/Modern.php index 1b5e078907..18fd4a552a 100644 --- a/skins/Modern.php +++ b/skins/Modern.php @@ -102,7 +102,7 @@ class ModernTemplate extends QuickTemplate { class="mediawiki <?php $this->text('dir') ?> <?php $this->text('pageclass') ?> <?php $this->text('skinnameclass') ?>"> <!-- heading --> - <div id="mw_header"><h1 id="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1></div> + <div id="mw_header"><h1 id="firstHeading"><?php $this->html('title') ?></h1></div> <div id="mw_main"> <div id="mw_contentwrapper"> diff --git a/skins/MonoBook.php b/skins/MonoBook.php index db77791260..cf0b4d0564 100644 --- a/skins/MonoBook.php +++ b/skins/MonoBook.php @@ -115,7 +115,7 @@ class MonoBookTemplate extends QuickTemplate { <div id="content"> <a name="top" id="top"></a> <?php if($this->data['sitenotice']) { ?><div id="siteNotice"><?php $this->html('sitenotice') ?></div><?php } ?> - <h1 class="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1> + <h1 class="firstHeading"><?php $this->html('title'); ?></h1> <div id="bodyContent"> <h3 id="siteSub"><?php $this->msg('tagline') ?></h3> <div id="contentSub"><?php $this->html('subtitle') ?></div> -- 2.20.1