r25923 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r25922‎ \| r25923 \| r25924 >
Date:	22:10, 18 September 2007
Author:	amidaniel
Status:	old
Tags:
Comment:	(bug 11296) Introduced special case pretty-printer rendering of the help document, whereby ampersands will not be escaped, which seems to be the only cause ATM of broken links in the help. This is a temporary fix while we work on getting a fully-html version of the help complete, but one that should not reintroduce any security vulnerabilities (as the only text that is unescaped is hardcoded into the API).
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/api/ApiFormatBase.php (modified) (history) /trunk/phase3/includes/api/ApiMain.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiMain.php
—	—	@@ -319,6 +319,14 @@
320	320	$printer = $this->mPrinter;
321	321	$printer->profileIn();
322	322	$printer->initPrinter($isError);
	323	+
	324	+ /* If the help message is requested in the default (xmlfm) format,
	325	+ * tell the printer not to escape ampersands so that our links do
	326	+ * not break. */
	327	+ $params = $this->extractRequestParams();
	328	+ $printer->setUnescapeAmps ( $this->mAction == 'help'
	329	+ && $params['format'] = ApiMain::API_DEFAULT_FORMAT );
	330	+
323	331	$printer->execute();
324	332	$printer->closePrinter();
325	333	$printer->profileOut();
Index: trunk/phase3/includes/api/ApiFormatBase.php
—	—	@@ -35,7 +35,7 @@
36	36	*/
37	37	abstract class ApiFormatBase extends ApiBase {
38	38
39		~~- private $mIsHtml, $mFormat;~~
	39	+ private $mIsHtml, $mFormat, $mUnescapeAmps;
40	40
41	41	/**
42	42	* Create a new instance of the formatter.
—	—	@@ -69,6 +69,18 @@
70	70	}
71	71
72	72	/**
	73	+ * Specify whether or not ampersands should be escaped to '&' when rendering. This
	74	+ * should only be set to true for the help message when rendered in the default (xmlfm)
	75	+ * format. This is a temporary special-case fix that should be removed once the help
	76	+ * has been reworked to use a fully html interface.
	77	+ *
	78	+ * @param boolean Whether or not ampersands should be escaped.
	79	+ */
	80	+ public function setUnescapeAmps ( $b ) {
	81	+ $this->mUnescapeAmps = $b;
	82	+ }
	83	+
	84	+ /**
73	85	* Returns true when an HTML filtering printer should be used.
74	86	* The default implementation assumes that formats ending with 'fm'
75	87	* should be formatted in HTML.
—	—	@@ -161,6 +173,12 @@
162	174	// Escape everything first for full coverage
163	175	$text = htmlspecialchars($text);
164	176
	177	+ /* Temporary fix for bad links in help messages. As a special case, ampersands
	178	+ * are not escaped in the help message. Should be removed once we have completed
	179	+ * a fully-html version of the help message. */
	180	+ if ( $this->mUnescapeAmps )
	181	+ $text = ereg_replace ( '&', '&', $text );
	182	+
165	183	// encode all comments or tags as safe blue strings
166	184	$text = preg_replace('/\<(!--.?--\|.?)\>/', '<span style="color:blue;"><\1></span>', $text);
167	185	// identify URLs
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -66,6 +66,8 @@
67	67
68	68	* (bug 11275) Enable descending sort in categorymembers
69	69	* (bug 11308) Allow the API to output the image metadata
	70	+* (bug 11296) Temporary fix for escaping of ampersands inside links in pretty-printed
	71	+ help document.
70	72
71	73	=== Languages updated in 1.12 ===
72	74

Follow-up revisions

Revision	Commit summary	Author	Date
r25932	Merged revisions 25861-25931 via svnmerge from...	david	06:43, 19 September 2007
r25938	Tweaks to r25923 for my own peace of mind:...	brion	14:44, 19 September 2007
r26015	Merged revisions 25932-26011 via svnmerge from...	david	21:05, 21 September 2007

Status & tagging log

15:20, 12 September 2011 Meno25 (talk | contribs) changed the status of r25923 [removed: ok added: old]