r102107 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r102106‎ | r102107 | r102108 >
Date:17:03, 5 November 2011
Author:foxtrott
Status:deferred
Tags:
Comment:
followup r102038: use tags instead of open/closeElements; ensure parameter sanitizing
Modified paths:
  • /trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php (modified) (history)


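--- a/trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php
+++ b/trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php
@@ -163,15 +163,29 @@
 $inFormName = $inLinkStr = $inLinkType = $inTitle =
 $inQueryStr = $inTargetName = '';
 $classStr = "";
-// assign params - support unlabelled params, for backwards compatibility
+// assign params
+// - support unlabelled params, for backwards compatibility
+// - parse and sanitize all parameter values
 foreach ( $params as $i => $param ) {
+
 $elements = explode( '=', $param, 2 );
-$param_name = null;
-$value = trim( $param );
+
+// set param_name and value
 if ( count( $elements ) > 1 ) {
+
 $param_name = trim( $elements[0] );
+
+// parse (and sanitize) parameter values
 $value = trim( $parser->recursiveTagParse( $elements[1] ) );
+
+} else {
+
+$param_name = null;
+
+// parse (and sanitize) parameter values
+$value = trim( $parser->recursiveTagParse( $param ) );
 }
+
 if ( $param_name == 'form' ) {
 $inFormName = $value;
 } elseif ( $param_name == 'link text' ) {
@@ -190,13 +204,13 @@
 $classStr = 'popupformlink';
 }
 elseif ( $i == 0 ) {
-$inFormName = $param;
+$inFormName = $value;
 } elseif ( $i == 1 ) {
-$inLinkStr = $param;
+$inLinkStr = $value;
 } elseif ( $i == 2 ) {
-$inLinkType = $param;
+$inLinkType = $value;
 } elseif ( $i == 3 ) {
-$inQueryStr = $param;
+$inQueryStr = $value;
 }
 }
 
@@ -236,20 +250,16 @@
 }
 if ( $inLinkType == 'button' ) {
 $str =
-Xml::openElement( 'form', array('action' => $link_url, 'method' => 'get', 'class' => $classStr) ) .
-Xml::openElement( 'button', array('type' => 'submit', 'value' => $inLinkStr) ) .
-$inLinkStr .
-Xml::closeElement( 'button' ) .
-$hidden_inputs .
-Xml::closeElement( 'form' );
+Xml::tags( 'form', array('action' => $link_url, 'method' => 'get', 'class' => $classStr),
+Xml::tags( 'button', array('type' => 'submit', 'value' => $inLinkStr), $inLinkStr ) .
+$hidden_inputs
+);
 } elseif ( $inLinkType == 'post button' ) {
 $str =
-Xml::openElement( 'form', array('action' => $link_url, 'method' => 'post', 'class' => $classStr) ) .
-Xml::openElement( 'button', array('type' => 'submit', 'value' => $inLinkStr) ) .
-$inLinkStr .
-Xml::closeElement( 'button' ) .
-$hidden_inputs .
-Xml::closeElement( 'form' );
+Xml::tags( 'form', array('action' => $link_url, 'method' => 'get', 'class' => $classStr),
+Xml::tags( 'button', array('type' => 'submit', 'value' => $inLinkStr), $inLinkStr ) .
+$hidden_inputs
+);
 } else {
 // If a target page has been specified but it doesn't
 // exist, make it a red link.
@@ -259,10 +269,7 @@
 $classStr .= " new";
 }
 }
-$str =
-Xml::openElement( 'a', array('href' => $link_url, 'class' => $classStr, 'title' => $inTitle) ) .
-$inLinkStr .
-Xml::closeElement( 'a' );
+$str = Xml::tags( 'a', array('href' => $link_url, 'class' => $classStr, 'title' => $inTitle), $inLinkStr );
 }
 // hack to remove newline from beginning of output, thanks to
 // http://jimbojw.com/wiki/index.php?title=Raw_HTML_Output_from_a_MediaWiki_Parser_Function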
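Review bot: The rewritten `post button` branch in the third hunk passes `'method' => 'get'` to the outer `Xml::tags( 'form', … )` call, where the removed `Xml::openElement( 'form', … )` line had `'method' => 'post'`. A post button therefore now submits exactly like a plain button, and the fields in `$hidden_inputs` travel in the request URL, where they can end up in server logs and referrers. That line should read `Xml::tags( 'form', array('action' => $link_url, 'method' => 'post', 'class' => $classStr),`. Separately, the new `// parse (and sanitize) parameter values` comments promise more than the visible code shows: `$inLinkStr` is still passed as the content argument of `Xml::tags`, which does not escape it, so the comment should say that its safety rests on the output of `recursiveTagParse`. The enclosing function starts and ends outside the hunks shown.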

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r102038bugfix (output escaped twice)foxtrott20:14, 4 November 2011