Index: trunk/phase3/includes/Title.php
===================================================================
--- trunk/phase3/includes/Title.php (revision 10959)
+++ trunk/phase3/includes/Title.php (revision 10960)
@@ -316,24 +316,8 @@
* @access public
*/
function legalChars() {
- # Missing characters:
- # * []|# Needed for link syntax
- # * % and + are corrupted by Apache when they appear in the path
- #
- # % seems to work though
- #
- # The problem with % is that URLs are double-unescaped: once by Apache's
- # path conversion code, and again by PHP. So %253F, for example, becomes "?".
- # Our code does not double-escape to compensate for this, indeed double escaping
- # would break if the double-escaped title was passed in the query string
- # rather than the path. This is a minor security issue because articles can be
- # created such that they are hard to view or edit. -- TS
- #
- # Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
- # this breaks interlanguage links
-
- $set = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF";
- return $set;
+ global $wgLegalTitleChars;
+ return $wgLegalTitleChars;
}
/**
Index: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php (revision 10959)
+++ trunk/phase3/includes/DefaultSettings.php (revision 10960)
@@ -122,6 +122,32 @@
/**#@-*/
/**
+ * Allowed title characters -- regex character class
+ * Don't change this unless you know what you're doing
+ *
+ * Problematic punctuation:
+ * []{}|# Are needed for link syntax, never enable these
+ * % Enabled by default, minor problems with path to query rewrite rules, see below
+ * + Doesn't work with path to query rewrite rules, corrupted by apache
+ * ? Enabled by default, but doesn't work with path to PATH_INFO rewrites
+ *
+ * All three of these punctuation problems can be avoided by using an alias, instead of a
+ * rewrite rule of either variety.
+ *
+ * The problem with % is that when using a path to query rewrite rule, URLs are
+ * double-unescaped: once by Apache's path conversion code, and again by PHP. So
+ * %253F, for example, becomes "?". Our code does not double-escape to compensate
+ * for this, indeed double escaping would break if the double-escaped title was
+ * passed in the query string rather than the path. This is a minor security issue
+ * because articles can be created such that they are hard to view or edit.
+ *
+ * Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
+ * this breaks interlanguage links
+ */
+$wgLegalTitleChars = " %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF";
+
+
+/**
* The external URL protocols (regexp)
*/
$wgUrlProtocols = 'http:\/\/|https:\/\/|ftp:\/\/|irc:\/\/|gopher:\/\/|news:|mailto:';
