r114390 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r114389‎ \| r114390 \| r114391 >
Date:	18:40, 21 March 2012
Author:	catrope
Status:	ok
Tags:
Comment:	Revert r111347, r111348, r111350, r111351, r111515, r111816, r112243, r112251, r112308, r112314, r112315, r112465, r112467, r112709, r113297, r113508, r113510, r113524, r113546, r114168. Unreviewed revisions in the RSS extension and their dependencies. All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html
Modified paths:	/trunk/extensions/RSS/RELEASE-NOTES (modified) (history) /trunk/extensions/RSS/RSS.i18n.php (modified) (history) /trunk/extensions/RSS/RSS.php (modified) (history) /trunk/extensions/RSS/RSSData.php (modified) (history) /trunk/extensions/RSS/RSSHooks.php (modified) (history) /trunk/extensions/RSS/RSSParser.php (modified) (history)

Diff [purge]

Index: trunk/extensions/RSS/RSSHooks.php
—	—	@@ -1,7 +1,6 @@
2	2	<?php
3	3
4	4	class RSSHooks {
5		-
6	5	/**
7	6	* Tell the parser how to handle <rss> elements
8	7	* @param $parser Parser Object
—	—	@@ -20,51 +19,24 @@
21	20	* @param $parser Parser
22	21	* @param $frame PPFrame parser context
23	22	*/
24		~~- static function renderRss( $input, array $args, Parser $parser, PPFrame $frame ) {~~
25		~~- global $wgRSSCacheAge, $wgRSSCacheCompare, $wgRSSNamespaces,~~
26		~~- $wgRSSUrlWhitelist,$wgRSSAllowedFeeds;~~
	23	+ static function renderRss( $input, $args, $parser, $frame ) {
	24	+ global $wgRSSCacheAge, $wgRSSCacheCompare, $wgRSSNamespaces, $wgRSSAllowedFeeds;
27	25
28	26	if ( is_array( $wgRSSNamespaces ) && count( $wgRSSNamespaces ) ) {
29	27	$ns = $parser->getTitle()->getNamespace();
30	28	$checkNS = array_flip( $wgRSSNamespaces );
31	29
32	30	if( !isset( $checkNS[$ns] ) ) {
33		~~- return RSSUtils::RSSError( 'rss-ns-permission' );~~
	31	+ return wfMsg( 'rss-ns-permission' );
34	32	}
35	33	}
36	34
37		~~- switch ( true ) {~~
38		-
39		~~- case ( isset( $wgRSSAllowedFeeds ) ):~~
40		~~- return RSSUtils::RSSError( 'rss-deprecated-wgrssallowedfeeds-found' );~~
41		~~- break;~~
42		-
43		~~- # disallow because there is no whitelist or empty whitelist~~
44		~~- case ( !isset( $wgRSSUrlWhitelist )~~
45		~~- \|\| !is_array( $wgRSSUrlWhitelist )~~
46		~~- \|\| ( count( $wgRSSUrlWhitelist ) === 0 ) ):~~
47		~~- return RSSUtils::RSSError( 'rss-empty-whitelist',~~
48		~~- $input~~
49		~~- );~~
50		~~- break;~~
51		-
52		~~- # allow~~
53		~~- case ( in_array( "*", $wgRSSUrlWhitelist ) ):~~
54		~~- case ( in_array( $input, $wgRSSUrlWhitelist ) ):~~
55		~~- break;~~
56		-
57		~~- # otherwise disallow~~
58		~~- case ( !in_array( $input, $wgRSSUrlWhitelist ) ):~~
59		~~- default:~~
60		~~- $listOfAllowed = $parser->getFunctionLang()->listToText( $wgRSSUrlWhitelist );~~
61		~~- $numberAllowed = $parser->getFunctionLang()->formatNum( count( $wgRSSUrlWhitelist ) );~~
62		~~- return RSSUtils::RSSError( 'rss-url-is-not-whitelisted',~~
63		~~- array( $input, $listOfAllowed, $numberAllowed )~~
64		~~- );~~
	35	+ if ( count( $wgRSSAllowedFeeds ) && !in_array( $input, $wgRSSAllowedFeeds ) ) {
	36	+ return wfMsg( 'rss-url-permission' );
65	37	}
66		-
	38	+
67	39	if ( !Http::isValidURI( $input ) ) {
68		~~- return RSSUtils::RSSError( 'rss-invalid-url', htmlspecialchars( $input ) );~~
	40	+ return wfMsg( 'rss-invalid-url', htmlspecialchars( $input ) );
69	41	}
70	42	if ( $wgRSSCacheCompare ) {
71	43	$timeout = $wgRSSCacheCompare;
—	—	@@ -84,10 +56,9 @@
85	57	}
86	58
87	59	if ( !is_object( $rss->rss ) \|\| !is_array( $rss->rss->items ) ) {
88		~~- return RSSUtils::RSSError( 'rss-empty', htmlspecialchars( $input ) );~~
	60	+ return wfMsg( 'rss-empty', htmlspecialchars( $input ) );
89	61	}
90	62
91	63	return $rss->renderFeed( $parser, $frame );
92	64	}
93		-
94	65	}
Index: trunk/extensions/RSS/RELEASE-NOTES
—	—	@@ -2,6 +2,8 @@
3	3	http://www.mediawiki.org/wiki/Extension:RSS
4	4
5	5	=== TO DO ===
	6	+* bug 30377 add a new parameter to limit the number of characters when rendering
	7	+ the channel item <description>
6	8	* set an upper default limit for HttpRequest request size when fetching feeds
7	9	doing a HEAD request first to ask for the size but that value may not be
8	10	available. Check how much data is returned as its coming back
—	—	@@ -10,57 +12,9 @@
11	13	coming in. Then you could abort cleanly once it's gotten too much
12	14	(otherwise using the defaults - PHP will abort the entire program when your
13	15	memory usage gets too high)
	16	+* bug 30028 "Error parsing XML for RSS" - improve and harden Extension:RSS when
	17	+ parsing differently flavoured RSS feeds
14	18
15		~~-=== Version 2.12 2012-03-07 ===~~
16		~~-* bug fix 34763 "RSS feed items (HTML) are not rendered as HTML but htmlescaped"~~
17		~~-* regression bug 30377 "Add a new parameter to limit the number of characters~~
18		~~- when rendering the channel item <description>". Feed item string length~~
19		~~- limitation is difficult when we allow HTML <a> or <img> tags, because a mere~~
20		~~- content-unaware limitation breaks (can break) tags which results in disastrous~~
21		~~- rendering results.~~
22		-
23		~~-=== Version 2.11 2012-02-29 ===~~
24		~~-* function name typo correction~~
25		-
26		~~-=== Version 2.10 2012-02-27 ===~~
27		~~-* final solution of bug 30028 "Error parsing XML for RSS" - improve and harden~~
28		~~- Extension:RSS when parsing differently flavoured RSS feeds and ATOM feeds~~
29		~~-* new parameter $wgRSSUrlNumberOfAllowedRedirects (default = 0)~~
30		~~- Some feed urls redirect. The new RSS version can deal with redirects,~~
31		~~- but it must be expressly enabled. For example, you can set~~
32		~~- $wgRSSUrlNumberOfAllowedRedirects = 1;~~
33		-
34		~~-=== Version 2.01 2012-02-24 ===~~
35		~~-* "summary" element of ATOM feed items are shown~~
36		~~- which is handled like "description" element of RSS~~
37		~~-* handling of basic HTML layout tags <p> <br> <b> <i> <u> <s> in item description~~
38		-
39		~~-=== Version 2.00 2012-02-24 ===~~
40		~~-* first version which can parse RSS and at least some ATOM feeds~~
41		~~- partial solution of bug 30028 "Error parsing XML for RSS" - improve and harden~~
42		~~- Extension:RSS when parsing differently flavoured RSS feeds and ATOM feeds~~
43		-
44		~~-=== Version 1.94 2012-02-23 ===~~
45		~~-* changed white list definition and behaviour:~~
46		-
47		~~- 1. changed the name from $wgRSSAllowedFeeds to $wgRSSUrlWhitelist~~
48		~~- 2. behaviour has been changed~~
49		-
50		~~- the new behaviour is:~~
51		~~- $wgRSSUrlWhitelist is empty by default. Since version 1.94 it must be~~
52		~~- expressly set to an array( list-of-comma-separated-allowed-RSS-urls-strings )~~
53		~~- or set to array( "*" ) if you want to allow any url~~
54		-
55		~~- the old behaviour was:~~
56		~~- $wgRSSAllowedFeeds was empty by default and empty meant that every Url~~
57		~~- was allowed by default. This has been changed, see new behaviour.~~
58		-
59		~~-=== Version 1.92 2012-02-13 ===~~
60		~~-* added optional date= attribute and $wgRSSDateDefaultFormat parameter~~
61		~~-* added optional item-max-length= attribute and $wgRSSItemMaxLength parameter~~
62		~~- fixes bug 30377 add a new parameter to limit the number of characters when~~
63		~~- rendering the channel item <description>~~
64		-
65	19	=== Version 1.90 2011-08-15 ===
66	20	* removed parsing of each single channel subelement (item)
67	21	* only the finally constructed feed is sent to the recursive parser:
Index: trunk/extensions/RSS/RSSData.php
—	—	@@ -15,14 +15,8 @@
16	16	return;
17	17	}
18	18	$xpath = new DOMXPath( $xml );
19		-
20		~~- // namespace-safe method to find all elements~~
21		~~- $items = $xpath->query( "//*[local-name() = 'item']" );~~
	19	+ $items = $xpath->query( '/rss/channel/item' );
22	20
23		~~- if ( $items->length == 0 ) {~~
24		~~- $items = $xpath->query( "//*[local-name() = 'entry']" );~~
25		~~- }~~
26		-
27	21	if( $items->length !== 0 ) {
28	22	foreach ( $items as $item ) {
29	23	$bit = array();
—	—	@@ -43,7 +37,7 @@
44	38	$this->items[] = $bit;
45	39	}
46	40	} else {
47		~~- $this->error = 'No RSS//ATOM items found.';~~
	41	+ $this->error = 'No RSS items found.';
48	42	return;
49	43	}
50	44	}
—	—	@@ -58,16 +52,18 @@
59	53	* @param $n String: name of the element we have
60	54	* @return String Name to map it to
61	55	*/
62		~~- protected function rssTokenToName( $name ) {~~
63		~~- switch( $name ) {~~
	56	+ protected function rssTokenToName( $n ) {
	57	+ switch( $n ) {
64	58	case 'dc:date':
	59	+ return 'date';
	60	+ # parse "2010-10-18T18:07:00Z"
65	61	case 'pubDate':
66		~~- case 'updated':~~
67	62	return 'date';
	63	+ # parse RFC date
68	64	case 'dc:creator':
69	65	return 'author';
70		~~- case 'summary':~~
71		~~- return 'description';~~
	66	+ case 'title':
	67	+ return 'title';
72	68	case 'content:encoded':
73	69	return 'encodedContent';
74	70
—	—	@@ -80,8 +76,9 @@
81	77	case 'comments':
82	78	case 'category':
83	79	return null;
	80	+
84	81	default:
85		~~- return $name;~~
	82	+ return $n;
86	83	}
87	84	}
88	85	}
\ No newline at end of file
Index: trunk/extensions/RSS/RSSParser.php
—	—	@@ -2,8 +2,6 @@
3	3
4	4	class RSSParser {
5	5	protected $maxheads = 32;
6		~~- protected $date = "Y-m-d H:i:s";~~
7		~~- protected $ItemMaxLength = 200;~~
8	6	protected $reversed = false;
9	7	protected $highlight = array();
10	8	protected $filter = array();
—	—	@@ -39,8 +37,6 @@
40	38	* and return an object that can produce rendered output.
41	39	*/
42	40	function __construct( $url, $args ) {
43		~~- global $wgRSSDateDefaultFormat,$wgRSSItemMaxLength;~~
44		-
45	41	$this->url = $url;
46	42
47	43	# Get max number of headlines from argument-array
—	—	@@ -54,13 +50,11 @@
55	51	}
56	52
57	53	# Get date format from argument array
58		~~- # or use a default value~~
	54	+ # FIXME: not used yet
59	55	if ( isset( $args['date'] ) ) {
60	56	$this->date = $args['date'];
61		~~- } elseif ( isset( $wgRSSDateDefaultFormat ) ) {~~
62		~~- $this->date = $wgRSSDateDefaultFormat;~~
63	57	}
64		-
	58	+
65	59	# Get highlight terms from argument array
66	60	if ( isset( $args['highlight'] ) ) {
67	61	# mapping to lowercase here so the regex can be case insensitive below.
—	—	@@ -72,13 +66,6 @@
73	67	$this->filter = self::explodeOnSpaces( $args['filter'] );
74	68	}
75	69
76		~~- # Get a maximal length for item texts~~
77		~~- if ( isset( $args['item-max-length'] ) ) {~~
78		~~- $this->ItemMaxLength = $args['item-max-length'];~~
79		~~- } elseif ( is_numeric( $wgRSSItemMaxLength ) ) {~~
80		~~- $this->ItemMaxLength = $wgRSSItemMaxLength;~~
81		~~- }~~
82		-
83	70	if ( isset( $args['filterout'] ) ) {
84	71	$this->filterOut = self::explodeOnSpaces( $args['filterout'] );
85	72	}
—	—	@@ -218,8 +205,7 @@
219	206	* @return Status object
220	207	*/
221	208	protected function fetchRemote( $key, array $headers = array()) {
222		~~- global $wgRSSFetchTimeout, $wgRSSUserAgent, $wgRSSProxy,~~
223		~~- $wgRSSUrlNumberOfAllowedRedirects;~~
	209	+ global $wgRSSFetchTimeout, $wgRSSUserAgent, $wgRSSProxy;
224	210
225	211	if ( $this->etag ) {
226	212	wfDebugLog( 'RSS', 'Used etag: ' . $this->etag );
—	—	@@ -231,71 +217,12 @@
232	218	$headers['If-Modified-Since'] = $lm;
233	219	}
234	220
235		- /**
236		~~- * 'noProxy' can conditionally be set as shown in the commented~~
237		~~- * example below; in HttpRequest 'noProxy' takes precedence over~~
238		~~- * any value of 'proxy' and disables the use of a proxy.~~
239		- *
240		~~- * This is useful if you run the wiki in an intranet and need to~~
241		~~- * access external feed urls through a proxy but internal feed~~
242		~~- * urls must be accessed without a proxy.~~
243		- *
244		~~- * The general handling of such cases will be subject of a~~
245		~~- * forthcoming version.~~
246		~~- */~~
	221	+ $client = HttpRequest::factory( $this->url, array(
	222	+ 'timeout' => $wgRSSFetchTimeout,
	223	+ 'proxy' => $wgRSSProxy
247	224
248		~~- $url = $this->url;~~
249		~~- $noProxy = !isset( $wgRSSProxy );~~
250		-
251		~~- // Example for disabling proxy use for certain urls~~
252		~~- // $noProxy = preg_match( '!\.internal\.example\.com$!i', parse_url( $url, PHP_URL_HOST ) );~~
253		-
254		- /**
255		~~- * Copied from HttpFunctions.php~~
256		~~- * Perform an HTTP request~~
257		- *
258		~~- * @param $method String: HTTP method. Usually GET/POST~~
259		~~- * @param $url String: full URL to act on. If protocol-relative, will be expanded to an http:// URL~~
260		~~- * @param $options Array: options to pass to MWHttpRequest object.~~
261		~~- * Possible keys for the array:~~
262		~~- * - timeout Timeout length in seconds~~
263		~~- * - postData An array of key-value pairs or a url-encoded form data~~
264		~~- * - proxy The proxy to use.~~
265		~~- * Otherwise it will use $wgHTTPProxy (if set)~~
266		~~- * Otherwise it will use the environment variable "http_proxy" (if set)~~
267		~~- * - noProxy Don't use any proxy at all. Takes precedence over proxy value(s).~~
268		~~- * - sslVerifyHost (curl only) Verify hostname against certificate~~
269		~~- * - sslVerifyCert (curl only) Verify SSL certificate~~
270		~~- * - caInfo (curl only) Provide CA information~~
271		~~- * - maxRedirects Maximum number of redirects to follow (defaults to 5)~~
272		~~- * - followRedirects Whether to follow redirects (defaults to false).~~
273		~~- * Note: this should only be used when the target URL is trusted,~~
274		~~- * to avoid attacks on intranet services accessible by HTTP.~~
275		~~- * - userAgent A user agent, if you want to override the default~~
276		~~- * MediaWiki/$wgVersion~~
277		~~- * @return Mixed: (bool)false on failure or a string on success~~
278		~~- */~~
279		-
280		~~- if ( isset( $wgRSSUrlNumberOfAllowedRedirects )~~
281		~~- && is_numeric( $wgRSSUrlNumberOfAllowedRedirects ) ) {~~
282		~~- $maxRedirects = $wgRSSUrlNumberOfAllowedRedirects;~~
283		~~- } else {~~
284		~~- $maxRedirects = 0;~~
285		~~- }~~
286		-
287		~~- // we set followRedirects intentionally to true to see error messages~~
288		~~- // in cases where the maximum number of redirects is reached~~
289		~~- $client = HttpRequest::factory( $url,~~
290		~~- array(~~
291		~~- 'timeout' => $wgRSSFetchTimeout,~~
292		~~- 'followRedirects' => true,~~
293		~~- 'maxRedirects' => $maxRedirects,~~
294		~~- 'proxy' => $wgRSSProxy,~~
295		~~- 'noProxy' => $noProxy,~~
296		~~- 'userAgent' => $wgRSSUserAgent,~~
297		~~- )~~
298		~~- );~~
299		-
	225	+ ) );
	226	+ $client->setUserAgent( $wgRSSUserAgent );
300	227	foreach ( $headers as $header => $value ) {
301	228	$client->setHeader( $header, $value );
302	229	}
—	—	@@ -312,14 +239,6 @@
313	240	return $ret;
314	241	}
315	242
316		~~- function sandboxParse($wikiText) {~~
317		~~- global $wgTitle, $wgUser;~~
318		~~- $myParser = new Parser();~~
319		~~- $myParserOptions = ParserOptions::newFromUser($wgUser);~~
320		~~- $result = $myParser->parse($wikiText, $wgTitle, $myParserOptions);~~
321		~~- return $result->getText();~~
322		~~- }~~
323		-
324	243	/**
325	244	* Render the entire feed so that each item is passed to the
326	245	* template which the MediaWiki then displays.
—	—	@@ -328,7 +247,7 @@
329	248	* @param $frame the frame param to pass to recursiveTagParse()
330	249	*/
331	250	function renderFeed( $parser, $frame ) {
332		-
	251	+
333	252	$renderedFeed = '';
334	253
335	254	if ( isset( $this->itemTemplate ) && isset( $parser ) && isset( $frame ) ) {
—	—	@@ -344,16 +263,15 @@
345	264	}
346	265
347	266	if ( $this->canDisplay( $item ) ) {
348		~~- $renderedFeed .= $this->renderItem( $item, $parser ) . "\n";~~
	267	+ $renderedFeed .= $this->renderItem( $item ) . "\n";
349	268	$headcnt++;
350	269	}
351	270	}
352	271
353		~~- $renderedFeed = $this->sandboxParse( $renderedFeed );~~
	272	+ $renderedFeed = $parser->recursiveTagParse( $renderedFeed, $frame );
354	273
355		~~- }~~
356		-
357		~~- $parser->addTrackingCategory( 'rss-tracking-category' );~~
	274	+ }
	275	+
358	276	return $renderedFeed;
359	277	}
360	278
—	—	@@ -362,7 +280,7 @@
363	281	*
364	282	* @param $item Array: an array produced by RSSData where keys are the names of the RSS elements
365	283	*/
366		~~- protected function renderItem( $item, $parser ) {~~
	284	+ protected function renderItem( $item ) {
367	285
368	286	$renderedItem = $this->itemTemplate;
369	287
—	—	@@ -371,38 +289,14 @@
372	290	// and that means bad RSS with stuff like
373	291	// <description><script>alert("hi")</script></description> will find its
374	292	// rogue <script> tags neutered.
375		~~- // use the overloaded multi byte wrapper functions in GlobalFunctions.php~~
376	293
377	294	foreach ( array_keys( $item ) as $info ) {
378		~~- switch ( $info ) {~~
379		~~- // ATOM <id> elements and RSS <link> elements are item link urls~~
380		~~- case 'id':~~
381		~~- $txt = $this->sanitizeUrl( $item['id'] );~~
382		~~- $renderedItem = str_replace( '{{{link}}}', $txt, $renderedItem );~~
383		~~- break;~~
384		~~- case 'link':~~
385		~~- if ( !isset( $item['id'] ) ) {~~
386		~~- $txt = $this->sanitizeUrl( $item['link'] );~~
387		~~- }~~
388		~~- $renderedItem = str_replace( '{{{link}}}', $txt, $renderedItem );~~
389		~~- break;~~
390		~~- case 'date':~~
391		~~- $tempTimezone = date_default_timezone_get();~~
392		~~- date_default_timezone_set( 'UTC' );~~
393		~~- $txt = date( $this->date, strtotime( $this->escapeTemplateParameter( $item['date'] ) ) );~~
394		~~- date_default_timezone_set( $tempTimezone );~~
395		~~- $renderedItem = str_replace( '{{{date}}}', $txt, $renderedItem );~~
396		~~- break;~~
397		~~- default:~~
398		~~- $str = $this->escapeTemplateParameter( $item[$info] );~~
399		- /***
400		~~- if ( mb_strlen( $str ) > $this->ItemMaxLength ) {~~
401		~~- $str = mb_substr( $str, 0, $this->ItemMaxLength ) . " ...";~~
402		~~- }~~
403		~~- ***/~~
404		~~- $txt = $this->highlightTerms( $str );~~
405		~~- $renderedItem = str_replace( '{{{' . $info . '}}}', $parser->insertStripItem( $str ), $renderedItem );~~
	295	+ if ( $info != 'link' ) {
	296	+ $txt = $this->highlightTerms( $this->escapeTemplateParameter( $item[ $info ] ) );
	297	+ } else {
	298	+ $txt = $this->sanitizeUrl( $item[ $info ] );
406	299	}
	300	+ $renderedItem = str_replace( '{{{' . $info . '}}}', $txt, $renderedItem );
407	301	}
408	302
409	303	// nullify all remaining info items in the template
—	—	@@ -440,65 +334,18 @@
441	335
442	336	/**
443	337	* Sanitize user input for inclusion as a template parameter.
444		- *
445	338	* Unlike in wfEscapeWikiText() as of r77127, this escapes }} in addition
446	339	* to the other kinds of markup, to avoid user input ending a template
447	340	* invocation.
448		- *
449		~~- * If you want to allow clickable link Urls (HTML <a> tag) in RSS feeds:~~
450		~~- * $wgRSSAllowLinkTag = true;~~
451		- *
452		~~- * If you want to allow images (HTML <img> tag) in RSS feeds:~~
453		~~- * $wgAllowImageTag = true;~~
454		- *
455	341	*/
456	342	protected function escapeTemplateParameter( $text ) {
457		~~- global $wgRSSAllowLinkTag, $wgAllowImageTag;~~
458		-
459		~~- if ( isset( $wgRSSAllowLinkTag ) && $wgRSSAllowLinkTag ) {~~
460		~~- $extra = array( "a" );~~
461		~~- } else {~~
462		~~- $extra = array();~~
463		~~- }~~
464		-
465		~~- if ( ( isset( $wgRSSAllowLinkTag ) && $wgRSSAllowLinkTag )~~
466		~~- \|\| ( isset( $wgAllowImageTag ) && $wgAllowImageTag ) ) {~~
467		-
468		~~- $ret = Sanitizer::removeHTMLtags( $text, null, array(), $extra, array( "iframe" ) );~~
469		-
470		~~- } else { // use the old escape method for a while~~
471		-
472		~~- $text = str_replace(~~
473		~~- array( '[', '\|', ']', '\'', 'ISBN ',~~
474		~~- 'RFC ', '://', "\n=", '{{', '}}',~~
475		~~- ),~~
476		~~- array( '[', '\|', ']', ''', 'ISBN ',~~
477		~~- 'RFC ', '://', "\n=", '{{', '}}',~~
478		~~- ),~~
479		~~- htmlspecialchars( str_replace( "\n", "", $text ) )~~
480		~~- );~~
481		-
482		~~- // keep some basic layout tags~~
483		~~- $ret = str_replace(~~
484		~~- array( '<p>', '</p>',~~
485		~~- '<br/>', '<br>', '</br>',~~
486		~~- '<b>', '</b>',~~
487		~~- '<i>', '</i>',~~
488		~~- '<u>', '</u>',~~
489		~~- '<s>', '</s>',~~
490		~~- ),~~
491		~~- array( "", "<br/>",~~
492		~~- "<br/>", "<br/>", "<br/>",~~
493		~~- "'''", "'''",~~
494		~~- "''", "''",~~
495		~~- "<u>", "</u>",~~
496		~~- "<s>", "</s>",~~
497		~~- ),~~
498		~~- $text~~
499		~~- );~~
500		~~- }~~
501		-
502		~~- return $ret;~~
	343	+ return str_replace(
	344	+ array( '[', '\|', ']', '\'', 'ISBN ',
	345	+ 'RFC ', '://', "\n=", '{{', '}}' ),
	346	+ array( '[', '\|', ']', ''', 'ISBN ',
	347	+ 'RFC ', '://', "\n=", '{{', '}}' ),
	348	+ htmlspecialchars( $text )
	349	+ );
503	350	}
504	351
505	352	/**
—	—	@@ -574,8 +421,8 @@
575	422	*
576	423	* @param $text String: the text to examine
577	424	* @param $filterType String: "filterOut" to check for matches in the
578		~~- * filterOut member list.~~
579		~~- * Otherwise, uses the filter member list.~~
	425	+ * filterOut member list.
	426	+ * Otherwise, uses the filter member list.
580	427	* @return Boolean: decision to filter or not.
581	428	*/
582	429	protected function filter( $text, $filterType ) {
—	—	@@ -650,25 +497,3 @@
651	498	return sprintf( $styleStart, $bgcolor[$index], $color[$index] ) . $match[0] . $styleEnd;
652	499	}
653	500	}
654		-
655		~~-class RSSUtils {~~
656		-
657		- /**
658		~~- * Output an error message, all wraped up nicely.~~
659		~~- * @param String $errorMessageName The system message that this error is~~
660		~~- * @param String\|Array $param Error parameter (or parameters)~~
661		~~- * @return String Html that is the error.~~
662		~~- */~~
663		~~- public static function RSSError( $errorMessageName, $param = false ) {~~
664		-
665		~~- // Anything from a parser tag should use Content lang for message,~~
666		~~- // since the cache doesn't vary by user language: do not use wfMsgForContent but wfMsgForContent~~
667		~~- // The ->parse() part makes everything safe from an escaping standpoint.~~
668		-
669		~~- return Html::rawElement( 'span', array( 'class' => 'error' ),~~
670		~~- "Extension:RSS -- Error: " . wfMessage( $errorMessageName )->inContentLanguage()->params( $param )->parse()~~
671		~~- );~~
672		-
673		~~- }~~
674		-
675		-}
Index: trunk/extensions/RSS/RSS.i18n.php
—	—	@@ -14,16 +14,13 @@
15	15
16	16	$messages['en'] = array(
17	17	'rss-desc' => 'Displays RSS feeds on MediaWiki pages in a standard or in user-definable formats using template pages',
18		~~- 'rss-tracking-category' => 'Pages with RSS feeds',~~
19	18	'rss-error' => 'Failed to load RSS feed from $1: $2',
20	19	'rss-empty' => 'Failed to load RSS feed from $1!',
21	20	'rss-fetch-nourl' => 'Fetch called without a URL!',
22	21	'rss-invalid-url' => 'Not a valid URL: $1',
23	22	'rss-parse-error' => 'Error parsing XML for RSS',
24	23	'rss-ns-permission' => 'RSS is not allowed in this namespace',
25		~~- 'rss-url-is-not-whitelisted' => '"$1" is not in the whitelist of allowed feeds. {{PLURAL:$3\|$2 is the only allowed feed\|The allowed feeds are as follows: $2}}.',~~
26		~~- 'rss-empty-whitelist' => '"$1" is not in the whitelist of allowed feeds. There are no allowed feed URLs in the whitelist.',~~
27		- 'rss-deprecated-wgrssallowedfeeds-found' => 'The deprecated variable $wgRSSAllowedFeeds has been detected. Since RSS version 2.0 this variable has to be replaced by $wgRSSUrlWhitelist as described in the manual page Extension:RSS.',
	24	+ 'rss-url-permission' => 'This URL is not allowed to be included',
28	25	'rss-item' => '{{$1 \| title = {{{title}}} \| link = {{{link}}} \| date = {{{date}}} \| author = {{{author}}} \| description = {{{description}}} }}',
29	26	'rss-feed' => "<!-- the following are two alternative templates. The first is the basic default template for feeds -->; '''<span class='plainlinks'>[{{{link}}} {{{title}}}]</span>'''
30	27	: {{{description}}}
—	—	@@ -35,7 +32,6 @@
36	33	* @author Yekrats
37	34	*/
38	35	$messages['qqq'] = array(
39		~~- 'rss-tracking-category' => 'The name of a category for all pages which use the <rss> parser extension tag. The category is automatically added unless the feature is disabled.',~~
40	36	'rss-invalid-url' => '$1 is the invalid URL for the RSS feed',
41	37	'rss-feed' => "; $1
42	38	: ''not to be localised''
Index: trunk/extensions/RSS/RSS.php
—	—	@@ -4,7 +4,7 @@
5	5	*
6	6	* @file
7	7	* @ingroup Extensions
8		~~- * @version 2.15~~
	8	+ * @version 1.90
9	9	* @author mutante, Daniel Kinzler, Rdb, Mafs, Thomas Gries, Alxndr, Chris Reigrut, K001
10	10	* @author Kellan Elliott-McCrea <kellan@protest.net> -- author of MagpieRSS
11	11	* @author Jeroen De Dauw
—	—	@@ -14,8 +14,6 @@
15	15	* @link http://www.mediawiki.org/wiki/Extension:RSS Documentation
16	16	*/
17	17
18		~~-define( "EXTENSION_RSS_VERSION", "2.15 20120319" );~~
19		-
20	18	if ( !defined( 'MEDIAWIKI' ) ) {
21	19	die( "This is not a valid entry point.\n" );
22	20	}
—	—	@@ -28,7 +26,7 @@
29	27	'Rdb', 'Mafs', 'Alxndr', 'Thomas Gries', 'Chris Reigrut',
30	28	'K001', 'Jack Phoenix', 'Jeroen De Dauw', 'Mark A. Hershberger'
31	29	),
32		~~- 'version' => EXTENSION_RSS_VERSION,~~
	30	+ 'version' => '1.90 20110815',
33	31	'url' => 'https://www.mediawiki.org/wiki/Extension:RSS',
34	32	'descriptionmsg' => 'rss-desc',
35	33	);
—	—	@@ -38,63 +36,32 @@
39	37	$wgExtensionMessagesFiles['RSS'] = $dir . 'RSS.i18n.php';
40	38	$wgAutoloadClasses['RSSHooks'] = $dir . 'RSSHooks.php';
41	39	$wgAutoloadClasses['RSSParser'] = $dir . 'RSSParser.php';
42		~~-$wgAutoloadClasses['RSSUtils'] = $dir . 'RSSParser.php';~~
43	40	$wgAutoloadClasses['RSSData'] = $dir . 'RSSData.php';
44	41
45	42	$wgHooks['ParserFirstCallInit'][] = 'RSSHooks::parserInit';
46	43
47		~~-// one hour~~
48		~~-$wgRSSCacheAge = 3600;~~
	44	+ // one hour
	45	+ $wgRSSCacheAge = 3600;
49	46
50	47	// Check cached content, if available, against remote.
51	48	// $wgRSSCacheCompare should be set to false or a timeout
52	49	// (less than $wgRSSCacheAge) after which a comparison will be made.
53		~~-// for debugging set $wgRSSCacheCompare = 1;~~
54	50	$wgRSSCacheCompare = false;
55	51
56		~~-// 15 second timeout~~
57		~~-$wgRSSFetchTimeout = 15;~~
	52	+// 5 second timeout
	53	+$wgRSSFetchTimeout = 5;
58	54
59	55	// Ignore the RSS tag in all but the namespaces listed here.
60	56	// null (the default) means the <rss> tag can be used anywhere.
61	57	$wgRSSNamespaces = null;
62	58
63		~~-// Whitelist of allowed RSS Urls~~
64		~~-//~~
65		~~-// If there are items in the array, and the user supplied URL is not in the array,~~
66		~~-// the url will not be allowed~~
67		~~-//~~
68		~~-// Urls are case-sensitively tested against values in the array.~~
69		~~-// They must exactly match including any trailing "/" character.~~
70		~~-//~~
71		~~-// Warning: Allowing all urls (not setting a whitelist)~~
72		~~-// may be a security concern.~~
73		~~-//~~
74		~~-// an empty or non-existent array means: no whitelist defined~~
75		~~-// this is the default: an empty whitelist. No servers are allowed by default.~~
76		~~-$wgRSSUrlWhitelist = array();~~
	59	+// URL whitelist of RSS Feeds:
	60	+// if there are items in the array, and the used URL isn't in the array,
	61	+// it will not be allowed (originally proposed in bug 27768)
	62	+$wgRSSAllowedFeeds = array();
77	63
78		~~-// include "*" if you expressly want to allow all urls (you should not do this)~~
79		~~-// $wgRSSUrlWhitelist = array( "*" );~~
80		-
81		~~-// Maximum number of redirects to follow (defaults to 0)~~
82		~~-// Note: this should only be used when the target URLs are trusted,~~
83		~~-// to avoid attacks on intranet services accessible by HTTP.~~
84		~~-$wgRSSUrlNumberOfAllowedRedirects = 0;~~
85		-
86	64	// Agent to use for fetching feeds
87		~~-$wgRSSUserAgent = "MediaWikiRSS/" . strtok( EXTENSION_RSS_VERSION, " " ) . " (+http://www.mediawiki.org/wiki/Extension:RSS) / MediaWiki RSS extension";~~
	65	+$wgRSSUserAgent = 'MediaWikiRSS/0.02 (+http://www.mediawiki.org/wiki/Extension:RSS) / MediaWiki RSS extension';
88	66
89	67	// Proxy server to use for fetching feeds
90	68	$wgRSSProxy = false;
91		-
92		~~-// default date format of item publication dates see http://www.php.net/date~~
93		~~-$wgRSSDateDefaultFormat = "(Y-m-d H:i:s)";~~
94		-
95		~~-// limit the number of characters in the item description~~
96		~~-// or set to false for unlimited length.~~
97		~~-// THIS IS CURRENTLY NOT WORKING (bug 30377)~~
98		~~-$wgRSSItemMaxLength = false;~~
99		-
100		~~-// You can choose to allow active links in feed items; default: false~~
101		~~-$wgRSSAllowLinkTag = false;~~

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r111347	adding the long-wanted date format attribute. implemented a date format equal...	wikinaut	01:39, 13 February 2012
r111348	follow-up r111347 : adding escapeTemplateParameter around the user supplied o...	wikinaut	01:49, 13 February 2012
r111350	fix for bug30377 : add a new parameter to limit the number of characters when...	wikinaut	07:23, 13 February 2012
r111351	follow-up r111350 . check if optional parameter isset and is_numeric, otherw...	wikinaut	07:36, 13 February 2012
r111515	removed a wrong comment regarding PHP 5.3 function date_create_from_format, w...	wikinaut	00:11, 15 February 2012
r111816	follow-up r111350 r111351 . switch replaced by if elseif construct.	wikinaut	07:35, 18 February 2012
r112243	name and behaviour change of wgRSSAllowedFeeds towgRSSUrlWhitelist. The wgRSS...	wikinaut	21:12, 23 February 2012
r112251	increased wgRSSFetchTimeout default from 5 to 15 seconds - many sites are too...	wikinaut	22:24, 23 February 2012
r112308	v2.00 can parse ATOM feeds, at least some. This is a major improvement over p...	wikinaut	10:16, 24 February 2012
r112314	v2.01 fixed ATOM summary element was forgotten to be parsed. Added handling o...	wikinaut	11:37, 24 February 2012
r112315	improved code legibility function namespacePrefixedQuery	wikinaut	11:47, 24 February 2012
r112465	fix for ultra bug 30028 . The RSS extension can parse RSS and ATOM feeds of d...	wikinaut	01:10, 27 February 2012
r112467	removed superfluous code for setting userAgent since r112466	wikinaut	01:44, 27 February 2012
r112709	function name typo correction. Version number update	wikinaut	20:00, 29 February 2012
r113297	fix for bug34763 'RSS feed items (HTML) are not rendered as HTML but htmlesca...	wikinaut	21:06, 7 March 2012
r113508	add tracking category feature (enabled by default). Each page using this exte...	wikinaut	19:43, 9 March 2012
r113510	follow up r113508 : escaped html tag brackets to make translaters happy	wikinaut	19:50, 9 March 2012
r113524	beautifying the tracking category name	wikinaut	21:03, 9 March 2012
r113546	adding casts. better ?	wikinaut	23:28, 9 March 2012
r114168	removed the redundant code for handling tracking categories. By using '-' for...	wikinaut	18:56, 19 March 2012

Status & tagging log

19:52, 21 March 2012 Aaron Schulz (talk | contribs) changed the status of r114390 [removed: new added: ok]