r25336 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r25335‎ \| r25336 \| r25337 >
Date:	04:43, 31 August 2007
Author:	simetrical
Status:	old
Tags:
Comment:	Added the possibility for Sanitizer::escapeId to validate the first character of the id (make sure it's a letter). This is added as a flag that's set by default. Ideally it should be off by default, with expected behavior being for the returned id to be valid no matter what . . . This isn't actually used yet, but it probably should be.
Modified paths:	/trunk/phase3/includes/Sanitizer.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Sanitizer.php
—	—	@@ -330,6 +330,9 @@
331	331	* @addtogroup Parser
332	332	*/
333	333	class Sanitizer {
	334	+ const NONE = 0;
	335	+ const INITIAL_NONLETTER = 1;
	336	+
334	337	/**
335	338	* Cleans up HTML, removes dangerous tags and attributes, and
336	339	* removes HTML comments
—	—	@@ -778,20 +781,31 @@
779	782	* name attributes
780	783	* @see http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with the id attribute
781	784	*
782		~~- * @static~~
783		- *
784		~~- * @param string $id~~
	785	+ * @param string $id Id to validate
	786	+ * @param int $flags Currently only two values: Sanitizer::INITIAL_NONLETTER
	787	+ * (default) permits initial non-letter characters,
	788	+ * such as if you're adding a prefix to them.
	789	+ * Sanitizer::NONE will prepend an 'x' if the id
	790	+ * would otherwise start with a nonletter.
785	791	* @return string
786	792	*/
787		~~- static function escapeId( $id ) {~~
	793	+ static function escapeId( $id, $flags = Sanitizer::INITIAL_NONLETTER ) {
788	794	static $replace = array(
789	795	'%3A' => ':',
790	796	'%' => '.'
791	797	);
792	798
793	799	$id = urlencode( Sanitizer::decodeCharReferences( strtr( $id, ' ', '_' ) ) );
794		-
795		~~- return str_replace( array_keys( $replace ), array_values( $replace ), $id );~~
	800	+ $id = str_replace( array_keys( $replace ), array_values( $replace ), $id );
	801	+
	802	+ echo "flags = $flags, ~flags & Sanitizer::INITIAL_NONLETTER = ".(~$flags&Sanitizer::INITIAL_NONLETTER).", id=$id\n";
	803	+
	804	+ if( ~$flags & Sanitizer::INITIAL_NONLETTER
	805	+ && !preg_match( '/[a-zA-Z]/', $id[0] ) ) {
	806	+ // Initial character must be a letter!
	807	+ $id = "x$id";
	808	+ }
	809	+ return $id;
796	810	}
797	811
798	812	/**

Follow-up revisions

Revision	Commit summary	Author	Date
r25338	Merged revisions 25303-25337 via svnmerge from...	david	04:55, 31 August 2007

Status & tagging log

15:20, 12 September 2011 Meno25 (talk | contribs) changed the status of r25336 [removed: ok added: old]