From d28bc0821d9f5f583f45fc5238a61c72bc49dea5 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Fri, 9 Sep 2005 22:48:25 +0000
Subject: [PATCH] Made legal title character list configurable

---
 includes/DefaultSettings.php | 26 ++++++++++++++++++++++++++
 includes/Title.php           | 20 ++------------------
 2 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 0fbc7ee943..b47c44dbcc 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -121,6 +121,32 @@ $wgTmpDirectory     = "{$wgUploadDirectory}/tmp";
 $wgUploadBaseUrl    = "";
 /**#@-*/
 
+/**
+ * Allowed title characters -- regex character class
+ * Don't change this unless you know what you're doing
+ *
+ * Problematic punctuation:
+ *  []{}|#    Are needed for link syntax, never enable these
+ *  %         Enabled by default, minor problems with path to query rewrite rules, see below
+ *  +         Doesn't work with path to query rewrite rules, corrupted by apache
+ *  ?         Enabled by default, but doesn't work with path to PATH_INFO rewrites
+ *
+ * All three of these punctuation problems can be avoided by using an alias, instead of a 
+ * rewrite rule of either variety.
+ *
+ * The problem with % is that when using a path to query rewrite rule, URLs are 
+ * double-unescaped: once by Apache's path conversion code, and again by PHP. So 
+ * %253F, for example, becomes "?". Our code does not double-escape to compensate 
+ * for this, indeed double escaping would break if the double-escaped title was 
+ * passed in the query string rather than the path. This is a minor security issue 
+ * because articles can be created such that they are hard to view or edit.
+ *
+ * Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
+ * this breaks interlanguage links
+ */
+$wgLegalTitleChars = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF";
+
+
 /**
  * The external URL protocols (regexp)
  */
diff --git a/includes/Title.php b/includes/Title.php
index 0721c1cab7..a4dc83f04a 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -316,24 +316,8 @@ class Title {
 	 * @access public
 	 */
 	function legalChars() {
-		# Missing characters:
-		#  * []|# Needed for link syntax
-		#  * % and + are corrupted by Apache when they appear in the path
-		#
-		# % seems to work though
-		#
-		# The problem with % is that URLs are double-unescaped: once by Apache's
-		# path conversion code, and again by PHP. So %253F, for example, becomes "?".
-		# Our code does not double-escape to compensate for this, indeed double escaping
-		# would break if the double-escaped title was passed in the query string
-		# rather than the path. This is a minor security issue because articles can be
-		# created such that they are hard to view or edit. -- TS
-		#
-		# Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
-		# this breaks interlanguage links
-
-		$set = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF";
-		return $set;
+		global $wgLegalTitleChars;
+		return $wgLegalTitleChars;
 	}
 
 	/**
-- 
2.20.1