r37714 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r37713‎ | r37714 | r37715 >
Date:21:13, 15 July 2008
Author:brion
Status:old
Tags:
Comment:
Revert r37663 for now:
"* (bug 13815) In the comment for page moves, use the colon-separator message instead of a hardcoded colon."
"* So that this works properly, don't escape HTML entities in edit summaries. I don't see any good reason for them to be escaped there. Of course, this may result in old edit summaries displaying slightly differently if for some reason they included an entity, but in that case there's at least a 50% chance that they intended it to not be escaped in the first place."

This breaks the ability to easily discuss entities in summaries such as "add  ".
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/GlobalFunctions.php (modified) (history)
  • /trunk/phase3/includes/Linker.php (modified) (history)
  • /trunk/phase3/includes/Sanitizer.php (modified) (history)
  • /trunk/phase3/includes/Title.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/GlobalFunctions.php
@@ -628,7 +628,9 @@
629629 if ( in_array('escape', $options) ) {
630630 $string = htmlspecialchars ( $string );
631631 } elseif ( in_array( 'escapenoentities', $options ) ) {
632 - $string = Sanitizer::escapeHtmlAllowEntities( $string );
 632+ $string = htmlspecialchars( $string );
 633+ $string = str_replace( '&', '&', $string );
 634+ $string = Sanitizer::normalizeCharReferences( $string );
633635 }
634636
635637 if( in_array('replaceafter', $options) ) {
Index: trunk/phase3/includes/Linker.php
@@ -1046,8 +1046,7 @@
10471047
10481048 # Sanitize text a bit:
10491049 $comment = str_replace( "\n", " ", $comment );
1050 - # Allow HTML entities (for bug 13815)
1051 - $comment = Sanitizer::escapeHtmlAllowEntities( $comment );
 1050+ $comment = htmlspecialchars( $comment );
10521051
10531052 # Render autocomments and make links:
10541053 $comment = $this->formatAutoComments( $comment, $title, $local );
Index: trunk/phase3/includes/Sanitizer.php
@@ -827,22 +827,6 @@
828828 }
829829
830830 /**
831 - * Given HTML input, escape with htmlspecialchars but un-escape entites.
832 - * This allows (generally harmless) entities like   to survive.
833 - *
834 - * @param string $html String to escape
835 - * @return string Escaped input
836 - */
837 - static function escapeHtmlAllowEntities( $html ) {
838 - # It seems wise to escape ' as well as ", as a matter of course. Can't
839 - # hurt.
840 - $html = htmlspecialchars( $html, ENT_QUOTES );
841 - $html = str_replace( '&', '&', $html );
842 - $html = Sanitizer::normalizeCharReferences( $html );
843 - return $html;
844 - }
845 -
846 - /**
847831 * Regex replace callback for armoring links against further processing.
848832 * @param array $matches
849833 * @return string
Index: trunk/phase3/includes/Title.php
@@ -2718,9 +2718,7 @@
27192719 $fname = 'MovePageForm::moveToNewTitle';
27202720 $comment = wfMsgForContent( '1movedto2', $this->getPrefixedText(), $nt->getPrefixedText() );
27212721 if ( $reason ) {
2722 - $comment .= wfMsgExt( 'colon-separator',
2723 - array( 'escapenoentities', 'content' ) );
2724 - $comment .= $reason;
 2722+ $comment .= ": $reason";
27252723 }
27262724
27272725 $newid = $nt->getArticleID();
Index: trunk/phase3/RELEASE-NOTES
@@ -189,9 +189,6 @@
190190 * (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
191191 * New date/time formats in Cs localization according to ČSN and PČP.
192192 * Added new hook LinkerLinkAttributes for modifying attributes of <a> tags.
193 -* HTML entities like &nbsp; now work (are not escaped) in edit summaries.
194 -* (bug 13815) In the comment for page moves, use the colon-separator message
195 - instead of a hardcoded colon.
196193 * Add a new hook SkinSetupSiteCss to allow extensions to define new stylesheets
197194 to load site wide, or modify the list of stylesheets to load. This can be useful
198195 for wiki farms who need a specific placement of the stylesheets to cascade right.

Follow-up revisions

RevisionCommit summaryAuthorDate
r39600Re-committing 37663 for the new release, per old Wikitech-l discussion....simetrical18:15, 18 August 2008

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r37663* (bug 13815) In the comment for page moves, use the colon-separator message ...simetrical21:43, 14 July 2008

Status & tagging log