r51594 - Code Review

From MediaWiki.org

Jump to: navigation, search
Repository:MediaWiki
Revision:r51593 | r51594 (on ViewVC) | r51595 >
Date:16:53, 8 June 2009
Author:skizzerz
Status:ok
Tags:
Comment:* DISPLAYTITLE fixes:
** DISPLAYTITLE now parses the single-quote items of wiki markup (bold and italic).
** Remove UNIQ markers from the output due to people putting tags in there (nowiki, ref, etc.).
** Forbid hr and br elements from being in DISPLAYTITLE as well.
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/parser/CoreParserFunctions.php
===================================================================
--- trunk/phase3/includes/parser/CoreParserFunctions.php	(revision 51593)
+++ trunk/phase3/includes/parser/CoreParserFunctions.php	(revision 51594)
@@ -88,19 +88,19 @@
 			return array( 'found' => false );
 		}
 	}
-	
+
 	static function formatDate( $parser, $date, $defaultPref = null ) {
 		$df = DateFormatter::getInstance();
-		
+
 		$date = trim($date);
-		
+
 		$pref = $parser->mOptions->getDateFormat();
-		
+
 		// Specify a different default date format other than the the normal default
-		// iff the user has 'default' for their setting		
+		// iff the user has 'default' for their setting
 		if ($pref == 'default' && $defaultPref)
 			$pref = $defaultPref;
-		
+
 		$date = $df->reformat( $pref, $date, array('match-whole') );
 		return $date;
 	}
@@ -198,10 +198,10 @@
 
 		// default
 		$gender = User::getDefaultOption( 'gender' );
-		
+
 		// allow prefix.
 		$title = Title::newFromText( $user );
-		
+
 		if (is_object( $title ) && $title->getNamespace() == NS_USER)
 			$user = $title->getText();
 
@@ -233,13 +233,21 @@
 	 */
 	static function displaytitle( $parser, $text = '' ) {
 		global $wgRestrictDisplayTitle;
-		
+
+		#parse a limited subset of wiki markup (just the single quote items)
+		$text = $parser->doQuotes( $text );
+
+		#remove stripped text (e.g. the UNIQ-QINU stuff) that was generated by tag extensions/whatever
+		$text = preg_replace( '/' . preg_quote( $parser->uniqPrefix(), '/' ) . '.*?'
+			. preg_quote( Parser::MARKER_SUFFIX, '/' ) . '/', '', $text );
+
 		#list of disallowed tags for DISPLAYTITLE
 		#these will be escaped even though they are allowed in normal wiki text
-		$bad = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'blockquote', 'ol', 'ul', 'li',
-			'table', 'tr', 'th', 'td', 'dl', 'dd', 'caption', 'p', 'ruby', 'rb', 'rt', 'rp' );
-		
+		$bad = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'div', 'blockquote', 'ol', 'ul', 'li', 'hr',
+			'table', 'tr', 'th', 'td', 'dl', 'dd', 'caption', 'p', 'ruby', 'rb', 'rt', 'rp', 'br' );
+
 		#only requested titles that normalize to the actual title are allowed through
+		#if $wgRestrictDisplayTitle is true (it is by default)
 		#mimic the escaping process that occurs in OutputPage::setPageTitle
 		$text = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $text, null, array(), array(), $bad ) );
 		$title = Title::newFromText( Sanitizer::stripAllTags( $text ) );
@@ -304,9 +312,9 @@
 	}
 	static function numberingroup( $parser, $name = '', $raw = null) {
 		return self::formatRaw( SiteStats::numberingroup( strtolower( $name ) ), $raw );
-	} 
+	}
 
-	
+
 	/**
 	 * Given a title, return the namespace name that would be given by the
 	 * corresponding magic word
@@ -400,7 +408,7 @@
 		if ( is_null($t) )
 			return '';
 		return wfUrlEncode( str_replace( ' ', '_', $t->getBaseText() ) );
-	}	
+	}
 	static function talkpagename( $parser, $title = null ) {
 		$t = Title::newFromText( $title );
 		if ( is_null($t) || !$t->canTalk() )
@@ -425,7 +433,7 @@
 			return '';
 		return $t->getSubjectPage()->getPrefixedUrl();
 	}
-	
+
 	/**
 	 * Return the number of pages in the given category, or 0 if it's nonexis-
 	 * tent.  This is an expensive parser function and can't be called too many
@@ -482,13 +490,13 @@
 			$rev = Revision::newFromTitle($title);
 			$id = $rev ? $rev->getPage() : 0;
 			$length = $cache[$page] = $rev ? $rev->getSize() : 0;
-	
+
 			// Register dependency in templatelinks
 			$parser->mOutput->addTemplate( $title, $id, $rev ? $rev->getId() : 0 );
-		}	
+		}
 		return self::formatRaw( $length, $raw );
 	}
-	
+
 	/**
 	* Returns the requested protection level for the current page
 	*/
@@ -509,12 +517,12 @@
 	 * Unicode-safe str_pad with the restriction that $length is forced to be <= 500
  	 */
 	static function pad( $string, $length, $padding = '0', $direction = STR_PAD_RIGHT ) {
-		$lengthOfPadding = mb_strlen( $padding );		
+		$lengthOfPadding = mb_strlen( $padding );
 		if ( $lengthOfPadding == 0 ) return $string;
-		
+
 		# The remaining length to add counts down to 0 as padding is added
 		$length = min( $length, 500 ) - mb_strlen( $string );
-		# $finalPadding is just $padding repeated enough times so that 
+		# $finalPadding is just $padding repeated enough times so that
 		# mb_strlen( $string ) + mb_strlen( $finalPadding ) == $length
 		$finalPadding = '';
 		while ( $length > 0 ) {
@@ -523,7 +531,7 @@
 			$finalPadding .= mb_substr( $padding, 0, $length );
 			$length -= $lengthOfPadding;
 		}
-		
+
 		if ( $direction == STR_PAD_LEFT ) {
 			return $finalPadding . $string;
 		} else {
Index: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES	(revision 51593)
+++ trunk/phase3/RELEASE-NOTES	(revision 51594)
@@ -79,6 +79,7 @@
 * (bug 14866) Messages 'recentchangeslinked-toolbox' and
   'recentchangeslinked-toolbox' were added to allow more fine grained
   customisation of the user interface
+* DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote items)
 
 === Bug fixes in 1.16 ===

Status & tagging log

Retrieved from "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/51594"
Views
Toolbox