r17103 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r17102‎ | r17103 | r17104 >
Date:02:29, 19 October 2006
Author:simetrical
Status:old
Tags:
Comment:
(bug 7623) Use Sanitizer::escapeId to validate id's, not htmlspecialchars.
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/skins/MonoBook.php (modified) (history)


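--- a/trunk/phase3/skins/MonoBook.php
+++ b/trunk/phase3/skins/MonoBook.php
@@ -115,7 +115,7 @@
 <h5><?php $this->msg('views') ?></h5>
 <ul>
 <?php foreach($this->data['content_actions'] as $key => $tab) { ?>
- <li id="ca-<?php echo htmlspecialchars($key) ?>"<?php
+ <li id="ca-<?php echo Sanitizer::escapeId($key) ?>"<?php
 if($tab['class']) { ?> class="<?php echo htmlspecialchars($tab['class']) ?>"<?php }
 ?>><a href="<?php echo htmlspecialchars($tab['href']) ?>"><?php
 echo htmlspecialchars($tab['text']) ?></a></li>
@@ -127,7 +127,7 @@
 <div class="pBody">
 <ul>
 <?php foreach($this->data['personal_urls'] as $key => $item) { ?>
- <li id="pt-<?php echo htmlspecialchars($key) ?>"<?php
+ <li id="pt-<?php echo Sanitizer::escapeId($key) ?>"<?php
 if ($item['active']) { ?> class="active"<?php } ?>><a href="<?php
 echo htmlspecialchars($item['href']) ?>"<?php
 if(!empty($item['class'])) { ?> class="<?php
@@ -144,12 +144,12 @@
 </div>
 <script type="<?php $this->text('jsmimetype') ?>"> if (window.isMSIE55) fixalpha(); </script>
 <?php foreach ($this->data['sidebar'] as $bar => $cont) { ?>
- <div class='portlet' id='p-<?php echo htmlspecialchars($bar) ?>'>
+ <div class='portlet' id='p-<?php echo Sanitizer::escapeId($bar) ?>'>
 <h5><?php $out = wfMsg( $bar ); if (wfEmptyMsg($bar, $out)) echo $bar; else echo $out; ?></h5>
 <div class='pBody'>
 <ul>
 <?php foreach($cont as $key => $val) { ?>
- <li id="<?php echo htmlspecialchars($val['id']) ?>"<?php
+ <li id="<?php echo Sanitizer::escapeId($val['id']) ?>"<?php
 if ( $val['active'] ) { ?> class="active" <?php }
 ?>><a href="<?php echo htmlspecialchars($val['href']) ?>"><?php echo htmlspecialchars($val['text']) ?></a></li>
 <?php } ?>
@@ -194,7 +194,7 @@
 <?php }
 if($this->data['feeds']) { ?>
 <li id="feedlinks"><?php foreach($this->data['feeds'] as $key => $feed) {
- ?><span id="feed-<?php echo htmlspecialchars($key) ?>"><a href="<?php
+ ?><span id="feed-<?php echo Sanitizer::escapeId($key) ?>"><a href="<?php
 echo htmlspecialchars($feed['href']) ?>"><?php echo htmlspecialchars($feed['text'])?></a>&nbsp;</span>
 <?php } ?></li><?php
 }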
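Review bot: In the sidebar loop (new line 149), `$bar` is still echoed raw into the `<h5>` when no message exists for it, although the same value is now passed through `Sanitizer::escapeId` for the `id` attribute on line 148. In element content the fallback should be HTML-escaped, e.g. `if (wfEmptyMsg($bar, $out)) echo htmlspecialchars($bar); else echo $out;`. Whether `$out` from `wfMsg` is already HTML-safe is not visible in this diff and is worth confirming. Separately, the `<li>` on line 153 emits the escaped `$val['id']` with no prefix, unlike the `ca-`/`pt-`/`p-`/`feed-` ids, so it can presumably collide with other element ids on the page; a short comment there stating that uniqueness is the caller's responsibility would help.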
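--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -57,8 +57,8 @@
 alias for compatibility
 * (bug 4525) Move section links down visually to same level as headings
 editsection links are now inside the heading elements)
+* (bug 7623) Validate custom HTML id's correctly in Monobook interface
 
-
 == Languages updated ==
 
 * German (de)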